Mark Cookies as HTTPONLY

Marking your cookies as HTTPONLY will mean that JavaScript code running in most browsers cannot access a user’s cookies. This is important as if a hacker¬†does manage to compromise¬†your site and inject JavaScript it may be possible for the hacker to steal values of cookies (including security cookies). If HTTPONLY is set on the cookies […]