Set-Cookie/EN
Version vom 2. November 2018, 21:05 Uhr von Siwebot (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=== <span style="color:#c31622">{{:{{PAGENAME}}/Headline}}<span>=== {| class="wikitable" |'''Check'''|| {{:{{PAGENAME}}/Negative}} |- |'''Beschreibung'''…“)
Check of Set-Cookie
| Check | Cookies are not secured. |
| Beschreibung | Cookies should be secured by setting the HttpOnly and Secure flags to ensure they cannot be read or altered by others. |
| Hintergrund | Checks whether or not cookies are secured. |
| Auswirkung | Unsecured cookies can be altered or read through a man-in-the-middle-attack. |
| Lösung / Tipps | `httpOnly`-flag: set this so that cookies cannot be accessed by Javascript. You protect session information from being stolen and misused. Whoever owns a session cookie is authenticated.
`secure`-Flag: set this to ensure that cookies are only transmitted across encrypted (https) channels. |
[[Category: ]]
