Darth Florus
Posted May 23, 2017

Mr. Farshad:

I was investigating security issues because of an audit at my customers. I see that uniGUI doesn't have session cookies, so the use of the HttpOnly parameter for the cookies is not a problem. I noticed that there is a JavaScript variable _S_ID with the session ID value. The HttpOnly parameter is meant to prevent malicious JavaScript from getting/setting the session cookie ID, but implementing it with a JavaScript variable is more modifiable, and there is no way to avoid this. Am I right?

About CSRF attacks, I want to ask whether something has been implemented to avoid this type of attack.

Best Regards

fullhappy
Posted September 30, 2020

There are indeed cookie security issues.
1. HttpOnly must have the function of enabling settings;
2. The Secure attribute can also be set.
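
For the audit question raised in this thread, here is an added example (not part of the original posts and not uniGUI code): a check that reports cookies missing the HttpOnly or Secure attributes and any session ID readable from page script. The sample response is constructed, and the way _S_ID appears in the page source is an assumption.

```python
import re

# Constructed sample response (not captured from a real uniGUI server);
# the exact way _S_ID is emitted in the page is an assumption.
SAMPLE_HEADERS = [
    ("Set-Cookie", "lang=en; Path=/"),
    ("Set-Cookie", "prefs=compact; Path=/; Secure; HttpOnly"),
    ("Content-Type", "text/html"),
]
SAMPLE_BODY = '<html><script>var _S_ID="9f2c1e7ab4d05566";</script></html>'

REQUIRED_ATTRS = ("HttpOnly", "Secure")  # the two attributes named in the thread
SCRIPT_ID_RE = re.compile(r"""\b(_S_ID)\s*[=:]\s*["']([^"']+)["']""")


def parse_set_cookie(value):
    """Return (name, value, set of lower-cased attribute names)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {part.split("=", 1)[0].strip().lower() for part in rest if part}
    return name, cookie_value, attrs


def audit_response(headers, body):
    """List (kind, subject, detail) findings for one HTTP response."""
    findings = []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, cookie_value, attrs = parse_set_cookie(value)
        missing = [a for a in REQUIRED_ATTRS if a.lower() not in attrs]
        if missing:
            findings.append(("cookie-flags", name, "missing " + ", ".join(missing)))
        # HttpOnly does not help if the same value is also written into the page.
        if len(cookie_value) >= 8 and cookie_value in body:
            findings.append(("cookie-echoed", name, "value also present in body"))
    for var, session_id in SCRIPT_ID_RE.findall(body):
        # Any script running in the page can read this, whatever the cookie flags.
        detail = f"{len(session_id)} chars readable by page script"
        findings.append(("script-session-id", var, detail))
    return findings


if __name__ == "__main__":
    for finding in audit_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```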