Question

In my website I am not using any kind of cookies, everything goes through server-side session handling. (no setcookie instruction at all)

But still, using Acunetix website vulnerability checker, I get a report about "Session cookie without httpOnly flag set".

Is there something I'm missing? Are there any implicit cookies anyway?

Thank you

Solution

Sessions are using cookies! Unless you transport the session id in URLs (which isn't good either), a session sets a cookie. A session consists of the server-side data storage and a session cookie, which contains a random id associating the client with the server-side data.

License: CC-BY-SA with attribution
Not affiliated with StackOverflow
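The implicit session cookie described in the answer, and the check a scanner applies to it, as an added example that is not part of the original question or answer. It assumes a PHP site (the question mentions `setcookie`), so the cookie name is PHP's default `PHPSESSID`; the response headers are constructed samples and `cookies_missing_httponly` is a hypothetical helper name.

```python
# Constructed response headers: what the server sends when the application
# only starts a server-side session and never sets a cookie itself.
# Assumption: PHP, whose default session cookie name is PHPSESSID.
IMPLICIT_SESSION = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=constructed0session0id; path=/"),
]

# The same response once the session cookie flags are enabled
# (in PHP, for example, via the session.cookie_httponly ini setting).
HARDENED_SESSION = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "PHPSESSID=constructed0session0id; path=/; Secure; HttpOnly"),
]


def cookies_missing_httponly(headers):
    """Return the names of cookies set by a response that lack HttpOnly."""
    missing = []
    for field, value in headers:
        # Header field names are case-insensitive.
        if field.lower() != "set-cookie":
            continue
        # First segment is name=value; the rest are attributes.
        pair, *attrs = value.split(";")
        name = pair.split("=", 1)[0].strip()
        # Attribute names are case-insensitive; some carry "=value".
        flags = {a.split("=", 1)[0].strip().lower() for a in attrs}
        if "httponly" not in flags:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for label, headers in (("implicit", IMPLICIT_SESSION),
                           ("hardened", HARDENED_SESSION)):
        print(label, "->", cookies_missing_httponly(headers) or "ok")
```
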