Without having HttpOnly and Secure flag in HTTP response header, it is possible to steal or manipulate web application session and cookies. It’s good practice to set HttpOnly and Secure flag in application code by developers. However, due to bad programming or developers’ unawareness it comes to Web Infrastructures.
Implement in Apache:
For detail Click here
No comments:
Post a Comment