Sessions are using cookies! Unless you transport the session id in URLs (which isn't good either), a session sets a cookie. A session consists of the server-side data storage and a session cookie, which contains a random id associating the client with the server-side data.
are there implicit cookies created while web navigation? / httpOnly flag
Question
In my website I am not using any kind of cookies; everything goes through server-side session handling (no setcookie instruction at all).
But still, using the Acunetix website vulnerability checker, I get a report about "Session cookie without httpOnly flag set".
Is there something I'm missing? Are there any implicit cookies anyway?
Thank you
Solution
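To see the implicit session cookie the answer describes, look at the `Set-Cookie` headers in a response. The following is an added example, not part of the original question or answer: it audits raw response headers for session-like cookies missing `HttpOnly` (and, going slightly beyond the reported finding, `Secure`). The sample responses, the `PHPSESSID` name (PHP's default, assuming a PHP site) and the name heuristic are assumptions.

```python
# Constructed sample responses (not captured from a real site). PHPSESSID is
# PHP's default session cookie name; that the site runs PHP is an assumption.
RESP_DEFAULT = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef0123456789; path=/\r\n"
    "\r\n<html></html>"
)
RESP_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef0123456789; path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Set-Cookie: theme=dark; path=/\r\n"
    "\r\n"
)

SESSION_HINTS = ("sess", "sid")  # heuristic for session-like cookie names


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name = first.split("=", 1)[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_cookies(raw_response):
    """Return [(cookie_name, [missing flags])] for session-like cookies."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    findings = []
    for line in head.split("\r\n")[1:]:           # skip the status line
        field, _, value = line.partition(":")
        if field.strip().lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if not any(h in name.lower() for h in SESSION_HINTS):
            continue                               # not a session cookie
        missing = [f for f in ("httponly", "secure") if f not in attrs]
        if missing:
            findings.append((name, missing))
    return findings


if __name__ == "__main__":
    print(audit_cookies(RESP_DEFAULT))
    print(audit_cookies(RESP_HARDENED))
```

The first response shows the case from the question: no explicit cookie code, yet the session mechanism still emits a `Set-Cookie` header, and without `HttpOnly` the session id is readable from page scripts.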
Licensed under: CC-BY-SA with attribution