Security Flashcards

1
Q

What is the difference between secure and httpOnly cookies?

A

A secure cookie is only sent to the server with an encrypted request over the HTTPS protocol. Even
with Secure, sensitive information should never be stored in cookies, as they are inherently insecure
and this flag can’t offer real protection. Starting with Chrome 52 and Firefox 52, insecure sites
(http:) can’t set cookies with the Secure directive.

To help mitigate cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to
JavaScript’s Document.cookie API; they are only sent to the server. For example, cookies that
persist server-side sessions don’t need to be available to JavaScript, and the HttpOnly flag should
be set.
