Adding HttpOnly to session cookie in order to raise the barrier to XSS cookie theft
commit 899a4a7b491457ce7a523fa6df0b7bfad7582861 1 parent e09b31f
Richard Marr (richmarr) authored
Showing with 2 additions and 2 deletions.
lib/cookie-sessions.js (+2 −2)
@@ -39,13 +39,13 @@ var exports = module.exports = function(settings){
if ("cookie" in req.headers) {
cookiestr = escape(s.session_key) + '='
+ '; expires=' + exports.expires(0)
- + '; path=/';
+ + '; path=/; HttpOnly';
}
} else {
cookiestr = escape(s.session_key) + '='
+ escape(exports.serialize(s.secret, req.session))
+ '; expires=' + exports.expires(s.timeout)
- + '; path=/';
+ + '; path=/; HttpOnly';
}
if (cookiestr !== undefined) {
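Review bot: both replaced lines (`+ '; path=/; HttpOnly'` in the clearing branch and in the set branch) add HttpOnly but leave out `Secure`, so the session cookie is still sent over plaintext HTTP connections where it can be read in transit; suggest appending `; Secure` when the application is served over TLS, e.g. gated by a setting, so the attribute string becomes `'; path=/; HttpOnly; Secure'`. HttpOnly only blocks script from reading `document.cookie`; it does not stop script from issuing requests that carry the cookie, so the commit message's "raise the barrier" wording is the right framing and a short test asserting that the Set-Cookie value contains `HttpOnly` would record that intent, since this change adds no test or documentation.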