Question

I understand the HTTPOnly flag applies to session cookies. Does it apply to persistent cookies? Is anyone able to provide a reference? I have checked http://tools.ietf.org/rfc/rfc6265.txt for the HTTPOnly flag, but it is not explicitly stated.


Solution

From HTTP Cookies Explained:

The expiration date on this cookie hasn’t changed, since the identifying characteristics of the cookie are the same. In fact, the expiration date won’t change until you manually change it again. That means a session cookie can become a persistent cookie (one that lasts multiple sessions) within the same session but the opposite isn’t true. In order to change a persistent cookie to a session cookie, you must delete the persistent cookie by setting its expiration date to a time in the past and then create a session cookie with the same name.

Keep in mind that the expiration date is checked against the system time on the computer that is running the browser. There is no way to verify that the system time is in sync with the server time and so errors may occur when there is a discrepancy between the system time and the server time.

Further down:

To create an HTTP-only cookie, just add an HttpOnly flag to your cookie:

In the Opera Dragonfly documentation:

HTTPOnly cookie: Session and persistent cookies can also be HTTPOnly. An HTTPOnly cookie cannot be accessed by client-side scripting, which is designed to help against cross-site scripting attacks. HTTPOnly cookies are labelled with a tick icon in the HTTPOnly column.

It looks like you can also apply the HTTPOnly flag, at least for Opera Dragonfly.
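As an added example, not taken from the answer or the pages it quotes, here is a server-side rendering of the three cases the answer describes: a session cookie, a persistent cookie, and the expire-then-recreate step, all carrying HttpOnly, plus a small Set-Cookie parser that shows lifetime and HttpOnly are independent attributes. The fixed clock and helper names are assumptions for this example only.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample clock so the rendered Expires date is reproducible.
FIXED_NOW = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)

def build_set_cookie(name, value, *, max_age=None, http_only=True,
                     secure=True, now=FIXED_NOW):
    """Render a Set-Cookie header. Without Max-Age/Expires the cookie lasts
    the browser session; with them it is persistent. HttpOnly is independent
    of lifetime, so it is emitted in either case."""
    parts = [f"{name}={value}", "Path=/"]
    if max_age is not None:
        expires = now + timedelta(seconds=max_age)
        parts.append(f"Max-Age={max_age}")  # RFC 6265: Max-Age wins over Expires
        parts.append("Expires=" + expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
    if secure:
        parts.append("Secure")
    if http_only:
        parts.append("HttpOnly")
    return "; ".join(parts)

def delete_cookie(name):
    """Expire a persistent cookie as the quoted text describes: a past date
    (here also Max-Age=0) on the same name and path removes it, after which a
    fresh session cookie of that name can be set."""
    return build_set_cookie(name, "", max_age=0,
                            now=datetime(1970, 1, 1, tzinfo=timezone.utc))

def classify(header):
    """Parse a Set-Cookie header and report its lifetime and script visibility."""
    pair, *attrs = [p.strip() for p in header.split(";")]
    name, _, _value = pair.partition("=")
    attributes = {}
    for attr in attrs:
        key, sep, val = attr.partition("=")
        attributes[key.strip().lower()] = val.strip() if sep else True
    return {
        "name": name,
        "persistent": "max-age" in attributes or "expires" in attributes,
        "httponly": attributes.get("httponly") is True,
        "secure": attributes.get("secure") is True,
    }

if __name__ == "__main__":
    for h in (build_set_cookie("sid", "abc123"),                        # session
              build_set_cookie("remember", "tok", max_age=30 * 86400),  # persistent
              delete_cookie("remember")):                               # removal
        print(h, "->", classify(h))
```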

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow