Set-Cookie/EN: Unterschied zwischen den Versionen
Zeile 1: | Zeile 1: | ||
=== {{:{{PAGENAME}}/Headline}} === | === {{:{{PAGENAME}}/Headline}} === | ||
+ | |||
+ | If the result is positive, there is no need for further action. If the result is negative, please read the following instructions. | ||
{| class="wikitable" | {| class="wikitable" | ||
− | |''' | + | |'''Result positive'''|| {{:{{PAGENAME}}/Positive}} |
+ | |- | ||
+ | |'''Result negativ'''|| {{:{{PAGENAME}}/Negative}} | ||
|- | |- | ||
|'''Description'''|| {{:{{PAGENAME}}/Description}} | |'''Description'''|| {{:{{PAGENAME}}/Description}} |
Version vom 3. April 2019, 16:06 Uhr
Check of Set-Cookie
If the result is positive, there is no need for further action. If the result is negative, please read the following instructions.
Result positive | Cookies are secured. |
Result negativ | Cookies are not secured. |
Description | Cookies should be secured by setting the HttpOnly and Secure flags to ensure they cannot be read or altered by others. |
Background | Checks whether or not cookies are secured. |
Consequence | Unsecured cookies can be altered or read through a man-in-the-middle-attack. |
Solution/Tips | `httpOnly`-flag: set this so that cookies cannot be accessed by Javascript. You protect session information from being stolen and misused. Whoever owns a session cookie is authenticated.
`secure`-Flag: set this to ensure that cookies are only transmitted across encrypted (https) channels. |