Diffstat (limited to 'exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md')
-rw-r--r-- | exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md b/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md index 38c07b6..32abede 100644 --- a/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md +++ b/exampleSite/content/checklist/webappsec/04_authz_AuthenticationCookiesandSessions.md @@ -1,5 +1,6 @@ --- hidden: true +ignoresearch: true --- **Cookies can be decorated with a special keyword, `HttpOnly`. If this keyword is set, the browser will not allow JavaScript to access the cookie. Even if the application has a cross-site scripting vulnerability, this keyword makes it much harder for an attacker to steal the session cookie.** |
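Review bot: the new front-matter key `ignoresearch: true`, added directly after `hidden: true`, is not documented anywhere in this change, and the diffstat shows only this one content file touched, so nothing visible here shows what reads the key. Suggest adding a short description of `ignoresearch` to the theme's documentation, or pointing to the template that honours it, in the same commit. If the intent is to keep hidden pages out of search results, also check whether the other pages that carry `hidden: true` need the same flag so the behaviour is consistent across the checklist.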