Revision as of 20:51, 29 January 2011 view source 201.47.222.230 (talk) →Privacy and third-party cookies ← Previous edit		Revision as of 00:16, 31 January 2011 view source Pleasancoder (talk \| contribs) 76 edits →HttpOnly Cookie Next edit →
Line 33: === HttpOnly Cookie === HttpOnly cookie is still in IETF draft<ref name="httponlyrfc">IETF [http://tools.ietf.org/html/draft-ietf-httpstate-cookie-20 Internet Draft: HTTP State Management Mechanism - Dec 19, 2010] Obsoletes RFC 2965 (if approved). </ref>, though most of the modern browsers support it. On a supported browser, a HttpOnly cookie will only be used when transmitting HTTP (or HTTPS) requests, but the cookie ~~value~~values isare unavailable to ~~JavaScript.~~client ~~This~~side ~~will~~script, ~~effectively~~hence ~~thwart~~mitigate the threat of cookie theft via [[Cross-site scripting]] ~~if the cookies required to perform critical actions are all HttpOnly~~. === Third-party cookie ===

HTTP cookie: Difference between revisions