Qpid / QPID-7386

[Java Broker, WMC] Session Cookie should set the HttpOnly flag


Details

    Description

      Cookies that do not have the HttpOnly flag set can be accessed via JavaScript. Thus, should there be an XSS vulnerability, the malicious script could access the session cookie to hijack the session.
      See OWASP for more information.

      Attachments

        1. QPID-7386.diff
          0.9 kB
          Lorenz Quack


          People

            Assignee: Unassigned
            Reporter: Lorenz Quack (lorenz.quack)