HTTP Strict Transport Security

An emerging standard called Strict Transport Security is starting to gain some traction among web browsers. Google Chrome supports it, and Firefox is working on it (it is currently supported in the NoScript Firefox extension).

Setting up HTTPOnly Session Cookies for ColdFusion

Internet Explorer pioneered a great security feature for cookies called HTTPOnly. When this flag is set, the browser does not allow JavaScript to access the cookie. Now that all modern browsers support this flag, it can reduce the risk of session hijacking due to cross-site scripting.
