HttpOnly for request cookies

StackOverflow https://stackoverflow.com//questions/21057331

Question

Is there a way of setting a request cookie httpOnly? If not why can't we set it? I've set the response cookies to httpOnly using weblogx.xml/weblogic server.

Was it helpful?

Solution

Not possible.

Cookies are set in a HTTP response, and are read from a HTTP request. You can only set flags when cookies are created, so they can only be set in the response when using HTTP so it would not make sense to set HttpOnly on a request cookie.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top