

How can you secure your HTTP cookies against XSS attacks

0 votes
37 views
How can you secure your HTTP cookies against XSS attacks?
asked Nov 9, 2018 in Node.js by pavneet kohli

1 Answer

0 votes
XSS attacks occur when the attacker injects executable JavaScript code into the HTML response.

To reduce these attacks, you have to set flags on the Set-Cookie HTTP header:

    1. HttpOnly - It is used to prevent attacks such as cross-site scripting since it does not allow the cookie to be accessed via JavaScript.
    2. secure - This attribute tells the browser to only send the cookie if the request is being sent over HTTPS.

For example: Set-Cookie: sid=<cookie-value>; HttpOnly. If you are using Express with express-cookie session, it works by default.
answered Nov 10, 2018 by ranju_12 (3,740 points)
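
The two flags from the answer above, as an added example that is not part of the original answer: one function builds a Set-Cookie value with both flags, and another audits existing header values for missing ones. The function names and sample headers are assumptions constructed for illustration, and only core JavaScript is used (no Express).

```javascript
'use strict';

// Build a Set-Cookie header value carrying the two flags discussed above.
// buildSessionCookie is a hypothetical helper, not an Express API.
function buildSessionCookie(name, value, opts = {}) {
  const { httpOnly = true, secure = true, path = '/' } = opts;
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (httpOnly) parts.push('HttpOnly'); // hides the cookie from document.cookie
  if (secure) parts.push('Secure');     // cookie is only sent over HTTPS
  return parts.join('; ');
}

// Parse one Set-Cookie header value and report which flags are missing.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Attribute names are matched case-insensitively (RFC 6265).
  const flags = new Set(attrs.map((a) => a.split('=')[0].trim().toLowerCase()));
  const missing = [];
  if (!flags.has('httponly')) missing.push('HttpOnly');
  if (!flags.has('secure')) missing.push('Secure');
  return { name, missing };
}

// Return only the cookies that lack at least one of the two flags.
function auditAll(headers) {
  return headers.map(auditSetCookie).filter((r) => r.missing.length > 0);
}

// Constructed sample header values (not captured from a real site).
const SAMPLE_HEADERS = [
  'sid=abc123; HttpOnly',                 // HttpOnly only: Secure is missing
  'sid=abc123; Path=/; httponly; SECURE', // both flags, mixed case
  'theme=dark; Path=/',                   // neither flag
];

console.log(buildSessionCookie('sid', 'abc123'));
for (const finding of auditAll(SAMPLE_HEADERS)) {
  console.log(`${finding.name}: missing ${finding.missing.join(', ')}`);
}
```
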