Where to put this cookie?

Posted: Sat Oct 06, 2012 4:07 pm
by CMSmonkey
Hi Everyone,
I have to run a quarterly compliance scan on an e-commerce site, and as per the scan results, I need to add the HttpOnly to all cookies.

As per the request:
For each cookie generated by your web-site, add the "HttpOnly" flag to the cookie. For example:

Set-Cookie: <name>=<value>[; <Max-Age>=<age>]
[; expires=<date>][; domain=<domain_name>]
[; path=<some_path>][; secure][; HttpOnly]
Can someone please tell me where to put this?

Thank you.

Re: Where to put this cookie?

Posted: Sat Oct 06, 2012 4:21 pm
by Rolf
If your domain is "http://www.blah... in the call, then it is http only, isn't it? It won't show up when you are in another subdomain or even in "http://blah...

Rolf

Re: Where to put this cookie?

Posted: Sat Oct 06, 2012 4:50 pm
by CMSmonkey
It references both. Here is what it said:
Cookie is not marked as HttpOnly:
'CMSSESSIDea91a2b9=f562221a80bdd157bf44bf311d9da183; path=/; domain=mysite.com'
URL: "http://mysite.com/
and
Cookie is not marked as HttpOnly:
'CMSSESSIDea91a2b9=7cacb08c89bf41f6216aba4f159afb86; path=/; domain=www.mysite.com'
URL: "http://www.mysite.com/

Re: Where to put this cookie?

Posted: Sat Oct 06, 2012 5:01 pm
by Rolf
I think you better Google for this...
Something like http://stackoverflow.com/questions/4999 ... javascript

grtz. Rolf
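
HttpOnly in the scan finding above is an attribute of the Set-Cookie response header that the server-side application sends, so it can be checked from captured headers before the next scan. The following is an added example, not code from the thread or from the CMS: it parses Set-Cookie values, lists the cookies that lack HttpOnly, and shows the corrected header. The function names are hypothetical and the sample headers are constructed from the cookie names and domains in the scan output, with placeholder values.

```python
# Added example: audit Set-Cookie header values for the HttpOnly attribute.

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs).

    Attribute names are lower-cased because they are case-insensitive;
    flag attributes such as HttpOnly and Secure map to an empty string.
    """
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_httponly(header_values):
    """Return (cookie name, domain) for every cookie lacking HttpOnly."""
    findings = []
    for header_value in header_values:
        name, _, attrs = parse_set_cookie(header_value)
        if "httponly" not in attrs:
            findings.append((name, attrs.get("domain", "")))
    return findings


def with_httponly(header_value):
    """Return the header value with '; HttpOnly' appended if it is absent."""
    _, _, attrs = parse_set_cookie(header_value)
    if "httponly" in attrs:
        return header_value
    return header_value.rstrip().rstrip(";") + "; HttpOnly"


# Constructed sample input: names and domains from the scan output,
# placeholder values, plus one cookie that already carries the flag.
SAMPLE_HEADERS = [
    "CMSSESSIDea91a2b9=PLACEHOLDER1; path=/; domain=mysite.com",
    "CMSSESSIDea91a2b9=PLACEHOLDER2; path=/; domain=www.mysite.com",
    "example=1; Path=/; Secure; httponly",
]

if __name__ == "__main__":
    for name, domain in missing_httponly(SAMPLE_HEADERS):
        print("Cookie is not marked as HttpOnly:", name, "domain=" + domain)
    print("Corrected header: Set-Cookie:", with_httponly(SAMPLE_HEADERS[0]))
```
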