Shulou(Shulou.com)06/01 Report--

In xss***, there is a way to forge identity, *** through malicious scripts to obtain user cookie information, with this cookie information forged real users to access the user's private space.

In this article, we talk about the security of httponly and cooked.

httponly was originally proposed by Microsoft, that is, the browser prohibits the page js from accessing cookies with the HttpOnly attribute. HttpOnly does not directly combat XSS***, it only prevents XSS*** from stealing cookies. For cookies that store sensitive information, you can set this attribute to prevent *** from stealing cookies.

Here's how to turn on the HttpOnly attribute, actually in php.ini we just turn it on, like this:

, or turn on the session-level HttpOnly attribute in the session: ini_set().

For other questions, see netsecurity.51cto.com/art/201305/393775.htm

For cookie coverage see netsecurity.51cto.com/art/201404/435401.htm

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.