Lorenzo Barbieri @ Weblogs.Asp.Net

Shake your thoughts... Confessions of a MSF and .NET addicted
        www.lorenzobarbieri.info

Internet Explorer 6.1 ????

In the document about ASP.NET security that Roy has linked, I've found a very interesting row...

  • The HttpOnly cookie option is used for defense in depth to help prevent cross-site scripting. (This applies to Internet Explorer 6.1 or later.)

What's happening here?  A new version of IE? A typo? Who knows...

Comments

Dumky said:

The HTTPOnly cookie "option" is available in the recent versions of IE 6.0, no need to wait for 6.1 ;-)

It is used on some Microsoft sites like Passport. For example, if you go to the "Edit Profile" page (to edit your account info) and type "javascript:alert(document.cookie)" you won't see any cookies even though there are some.
# September 22, 2003 1:55 PM

Robert McLaws said:

Quoted from the chapter the checklist relates to:

'Check the HttpOnly Cookie Option
Internet Explorer 6 SP 1 supports a new HttpOnly cookie attribute that prevents client-side script from accessing the cookie from the document.cookie property. Instead, an empty string is returned. The cookie is still sent to the server whenever the user browses to a Web site in the current domain. For more information, see the "Cross-Site Scripting" section in Chapter 10, "Building Secure ASP.NET Pages and Controls."'
# September 22, 2003 5:03 PM
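
The behaviour described in the quoted chapter, as an added example (not part of the original post or its comments, and not browser or ASP.NET code): a toy cookie jar in JavaScript that contrasts what script reads from `document.cookie` with what is sent to the server, and lists cookies still readable by script. The function names and the sample cookie values are constructed for illustration, and path, domain and expiry matching are left out.

```javascript
// Constructed Set-Cookie header values (sample data, not captured traffic).
const sampleSetCookie = [
  "ASP.NET_SessionId=abc123; path=/; HttpOnly",
  "theme=dark; path=/",
  "auth=ticket42; Path=/; httponly; Secure",
];

// Parse one Set-Cookie value into { name, value, httpOnly }.
// Attribute names are matched case-insensitively.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no cookie name: ignore the header
  const httpOnly = attrs.some((a) => a.toLowerCase() === "httponly");
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly };
}

// Hypothetical helper: build the jar from a list of Set-Cookie values.
function buildJar(headers) {
  return headers.map(parseSetCookie).filter((c) => c !== null);
}

const render = (cookies) => cookies.map((c) => `${c.name}=${c.value}`).join("; ");

// What client-side script gets from document.cookie: HttpOnly cookies are
// left out, so a jar holding only HttpOnly cookies yields an empty string.
function scriptVisible(jar) {
  return render(jar.filter((c) => !c.httpOnly));
}

// What the browser still sends in the Cookie request header: every cookie.
function requestHeader(jar) {
  return render(jar);
}

// Defender's check: names of cookies that script can still read.
function missingHttpOnly(jar) {
  return jar.filter((c) => !c.httpOnly).map((c) => c.name);
}

const sampleJar = buildJar(sampleSetCookie);
console.log("document.cookie :", scriptVisible(sampleJar));
console.log("Cookie header   :", requestHeader(sampleJar));
console.log("script-readable :", missingHttpOnly(sampleJar));
```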

hamza said:

hi
# May 25, 2004 4:00 PM

Thats one PHP-5.2.x feature for Phorum-5.2 I’d like to use … « Another web-guy talking … said:

Pingback from Thats one PHP-5.2.x feature for Phorum-5.2 I’d like to use … « Another web-guy talking …

# July 19, 2007 12:21 PM