Session Collision

#11
(05-22-2020, 07:57 AM)dave friend Wrote: To help prevent session hijacking and XSS always use the following.
PHP Code:
$config['cookie_httponly'] = true;

This isn't true regarding session, it's forced to be httponly. This prevents all other cookies to be httponly though.
Reply

#12
(05-22-2020, 09:54 AM)jreklund Wrote: This isn't true regarding session, it's forced to be httponly. This prevents all other cookies to be httponly though.

That is correct. CI v3 always sets session cookies for httponly. My reason for bringing it up was that ALL cookies should use that option.
Reply
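
One way to check the point made in this thread, that every cookie and not only the session cookie should carry HttpOnly. This is an added example, not code from the thread or from CodeIgniter; the function name, the cookie names other than ci_session, and all header values are constructed for illustration.

```php
<?php
// Added example: list cookies whose Set-Cookie header lacks the HttpOnly attribute.
// cookies_missing_httponly() is a hypothetical helper, not part of CodeIgniter.

function cookies_missing_httponly(array $headerLines): array
{
    $missing = [];
    foreach ($headerLines as $line) {
        // Header names are case-insensitive; skip anything that is not Set-Cookie.
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue;
        }
        $value = trim(substr($line, strlen('Set-Cookie:')));
        $parts = array_map('trim', explode(';', $value));

        // First segment is name=value, the remaining segments are attributes.
        $pair = array_shift($parts);
        $name = strstr($pair, '=', true);
        if ($name === false) {
            continue; // malformed cookie, no name=value pair
        }

        // Reduce each attribute to its lower-cased name ("Path=/" -> "path").
        $attrs = array_map(function ($p) {
            return strtolower(strstr($p . '=', '=', true));
        }, $parts);

        if (!in_array('httponly', $attrs, true)) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed sample headers. Inside a running PHP application,
// headers_list() returns lines in this same "Name: value" form.
$sample = [
    'Content-Type: text/html; charset=UTF-8',
    'Set-Cookie: ci_session=abc123; expires=Fri, 22-May-2020 10:00:00 GMT; Max-Age=7200; path=/; HttpOnly',
    'Set-Cookie: lang_pref=en; path=/',
    'set-cookie: remember_me=tok; path=/; secure; httponly',
];

// Each name printed is a cookie that client-side script could read.
print_r(cookies_missing_httponly($sample));
```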

