Is there a way of setting a request cookie httpOnly? If not why can't we set it? I've set the response cookies to httpOnly using weblogx.xml/weblogic server.
HttpOnly for request cookies
4.6k Views Asked by avijendr At
1
There are 1 best solutions below
Related Questions in SECURITY
- Can MVC.NET prevent SQL-injection at razor or controller level?
- Forgotten password reset page: should the user need to enter a username/email as well?
- Dynamic roles list in CustomAuthorize ASP MVC
- Access roles from multiple applications
- How to Fix TLS CBC Incorrect Padding Abuse Vulnerability on Windows 2003 Server
- Evernote Web Clipper and Content Security Policy
- Invalidate user credentials when password changes
- Spring Boot MVC non-role based security
- Correct Captcha behaviour on error
- Is macro more secure than static const if I don't want someone to know or change the hardcode value?
- In Android, ensuring only pre-decided users can only use the app
- Authenticating plain text passwords against md5 hash in DB using Apache Shiro
- Symfony2 - handle HTTP/Entity user access restrictions
- Client side computation without exposing code?
- searchable row level encryption using java?
Related Questions in SESSION-COOKIES
- Internet explorer 11 browser cannot display the expires value of the session cookie from my app
- Server side PHP session is not working in android
- Can JWT be a replacement for session based authentication for web application?
- ActionDispatch nil value for env[ENV_SESSION_OPTIONS_KEY]
- Where does Jetty store information about authenticated user?
- How to use HTTP/2 connection instead of session cookies?
- Play Framework not setting cookie on initial page load
- How to add keep me logged in using PHP?
- How to achieve a persistent HTTP session in MATLAB?
- How to pass a modified or custom session while making request in testing flask applications?
- Multiple users with unique session IDs in jmeter
- $_SERVER['HTTP_COOKIE'] return's two PHPSESSID
- TokenMismatchException in VerifyCsrfToken.php line 53 in Laravel 5.1
- Very strange session issue with Opencart and PHP
- JSessionID changes on resource request after login which invalidates the session
Related Questions in OWASP
- Java bean validation alternatives to OWASP ESAPI
- Csrfguard unprotected resources are protected
- ESAPI.validator().getValidInput returning "null" value
- How to add custom exclude parameter via zap API
- I am using the OWASP library to ensure data is safe before inserting to html however emojis are not displaying
- Rails Brakeman SQL injection warning while accessing an oracle view/function
- OWASP top 10 web app security risks mitigation in AngularJS
- Axis2 - Information Leakage Prevention
- Why is it common to put CSRF prevention tokens in cookies?
- out of scope error shown in ajax spider attack in zap
- How to re-install deleted add-on in owasp zap?
- how to execute two sites at a same time in owasp zap
- How to receive SQL syntax error using SQL injection?
- OWASP AppSensor - Deploying Java Back-end API
- File uploads fail with through web application firewall with mod_security and mod_rewrite
Related Questions in HDIV
- How do I retrieve a multipart file uploaded using Ajax in a website that uses HDIV?
- cannot find the Tag library for HDIV 2.1.11
- HDIV changable hidden field
- Issue in form submit with the Integration of HDIV and Spring MVC
- hdiv org.hdiv.filter.ValidatorFilter cannot be cast to javax.servlet.Filter
- OWASP top 10 web app security risks mitigation in AngularJS
- How to Integrate HDIV and ExtJS
- HttpOnly for request cookies
- How to make AJAX calls with Dynamic URLS in HDIV
- grails hdiv integration - session succeeds but get HDIV_PARAMETER_NOT_EXISTS exception
- HDIV Integration with RESTful webservice
- HDIV issue while redirecting in Spring MVC Controller
- Hdiv compliant url setting through Javascript, ajax
- HDIV config to set parameters in hidden fields instead of URL
- hdiv step by step implementation in strut2
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Not possible.
Cookies are set in a HTTP response, and are read from a HTTP request. You can only set flags when cookies are created, so they can only be set in the response when using HTTP so it would not make sense to set HttpOnly on a request cookie.