Brad Fitzpatrick (bradfitz) wrote in lj_dev,

Safer Cookies

Microsoft recently added a feature to IE6 SP1 whereby cookies can be flagged with an "HttpOnly" attribute which disables their availability to client-side scripts.

I made the LiveJournal "ljsession" cookie set that attribute.

If you use IE6 SP1 (go get it from Windows Update if you use a different IE), then log out and log back in to get the more secure cookie.

There's an RFE to get this added to Mozilla also:
http://bugzilla.mozilla.org/show_bug.cgi?id=178993

Go vote for it if you have a Bugzilla account.
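
An added example, not LiveJournal's code or part of the original post: a small audit that parses `Set-Cookie` response headers and reports any session cookie issued without the HttpOnly attribute described above. The cookie name `ljsession` comes from the post; the header lines, cookie values and function names are constructed for illustration.

```python
# Added example: audit Set-Cookie response headers for the HttpOnly flag.
# SAMPLE_HEADERS is constructed sample data, not captured LiveJournal output.
SAMPLE_HEADERS = [
    "Set-Cookie: ljsession=EXAMPLE-VALUE; path=/; HttpOnly",
    "Set-Cookie: ljsession=EXAMPLE-VALUE; path=/",
    "Set-Cookie: langpref=en; path=/; expires=Wed, 01 Jan 2003 00:00:00 GMT",
    "Set-Cookie: ljsession=EXAMPLE-VALUE; httponly; path=/",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (cookie_name, attrs) for a Set-Cookie line, or None otherwise."""
    field, sep, value = line.partition(":")
    if not sep or field.strip().lower() != "set-cookie":
        return None
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def missing_httponly(lines, session_names=("ljsession",)):
    """List (line_number, cookie_name) for session cookies set without HttpOnly."""
    findings = []
    for number, line in enumerate(lines, start=1):
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue
        name, attrs = parsed
        if name in session_names and "httponly" not in attrs:
            findings.append((number, name))
    return findings


if __name__ == "__main__":
    for number, name in missing_httponly(SAMPLE_HEADERS):
        print(f"header {number}: cookie '{name}' is readable by page scripts")
```

Run against the sample, only the second header is reported: the fourth sets the flag in lowercase, which still counts.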