I wanted to understand the security threat caused by not setting httponly flag for ARRAffinity cookie which is sent by ARR. Do i need to set the httponly flag? If not why?
Does ARRAffinity cookie need HttpOnly flag
888 Views Asked by AudioBubble At
1
There are 1 best solutions below
Related Questions in AZURE-DEVOPS
- Lu-oxmysql Assistance
- Lua variable ambient invoked by another file
- I want to complete the FiveM Lua syntax
- Create Channel discord.js
- Lua table pairs output showing same value
- trying to add a series of text to a string for (fivem)
- FiveM Server Error Linux ubuntu 18.04 Yarn
- [ script:es_extended SCRIPT ERROR: @es_extended/server/functions.lua:127: attempt to index a nil value (local 'xPlayer')
- Converting a steam hex into steam community id
- Fivem remove job dependency. Im trying to fix so all players can search other players inventory without having a job
Related Questions in AZURE-WEB-APP-SERVICE
- Lu-oxmysql Assistance
- Lua variable ambient invoked by another file
- I want to complete the FiveM Lua syntax
- Create Channel discord.js
- Lua table pairs output showing same value
- trying to add a series of text to a string for (fivem)
- FiveM Server Error Linux ubuntu 18.04 Yarn
- [ script:es_extended SCRIPT ERROR: @es_extended/server/functions.lua:127: attempt to index a nil value (local 'xPlayer')
- Converting a steam hex into steam community id
- Fivem remove job dependency. Im trying to fix so all players can search other players inventory without having a job
Related Questions in ARR
- Lu-oxmysql Assistance
- Lua variable ambient invoked by another file
- I want to complete the FiveM Lua syntax
- Create Channel discord.js
- Lua table pairs output showing same value
- trying to add a series of text to a string for (fivem)
- FiveM Server Error Linux ubuntu 18.04 Yarn
- [ script:es_extended SCRIPT ERROR: @es_extended/server/functions.lua:127: attempt to index a nil value (local 'xPlayer')
- Converting a steam hex into steam community id
- Fivem remove job dependency. Im trying to fix so all players can search other players inventory without having a job
Related Questions in COOKIE-HTTPONLY
- Lu-oxmysql Assistance
- Lua variable ambient invoked by another file
- I want to complete the FiveM Lua syntax
- Create Channel discord.js
- Lua table pairs output showing same value
- trying to add a series of text to a string for (fivem)
- FiveM Server Error Linux ubuntu 18.04 Yarn
- [ script:es_extended SCRIPT ERROR: @es_extended/server/functions.lua:127: attempt to index a nil value (local 'xPlayer')
- Converting a steam hex into steam community id
- Fivem remove job dependency. Im trying to fix so all players can search other players inventory without having a job
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular # Hahtags
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
ARRAffinitycookie don't needHttpOnlyflag. I found below feedback which is raised in 2016. And Azure team gave response in 2017.Set ARRAffinity cookie with correct attributes - HTTPOnly & Secure
But now,
ARRAffinityhas set thehttponlyflag by default. We don't need to manually sethttponly.ARRAffinityandARRAffinitySameSiteare both used to tell Azure whichiis instanceshould be reached.Hope the following article can help you.
Securing the ARRAffinity Cookie
If we set like below code, in our browser, we can't get cookies which is security.