Adding HttpOnly to session cookie in order to raise the barrier to XSS cookie theft
commit 899a4a7b491457ce7a523fa6df0b7bfad7582861 1 parent e09b31f
@richmarr richmarr authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/cookie-sessions.js
4 lib/cookie-sessions.js
@@ -39,13 +39,13 @@ var exports = module.exports = function(settings){
if ("cookie" in req.headers) {
cookiestr = escape(s.session_key) + '='
+ '; expires=' + exports.expires(0)
- + '; path=/';
+ + '; path=/; HttpOnly';
}
} else {
cookiestr = escape(s.session_key) + '='
+ escape(exports.serialize(s.secret, req.session))
+ '; expires=' + exports.expires(s.timeout)
- + '; path=/';
+ + '; path=/; HttpOnly';
}
if (cookiestr !== undefined) {
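Review bot: the two `+` lines append `; HttpOnly` to the cookie string in both the clear-cookie branch and the set-cookie branch, but neither branch emits a `Secure` attribute, so the session cookie is still sent over plain HTTP; consider adding `; Secure` (at least when the app is served over TLS, e.g. gated by a setting) in the same change. The literal suffix `'; path=/; HttpOnly'` is now duplicated in both branches, so it would be safer to hoist it into a single constant or helper that both branches use, so the attributes cannot drift apart on a later edit. Worth noting for the commit message: HttpOnly stops `document.cookie` from reading the session cookie, but an XSS payload can still drive requests that carry it, so this does raise the barrier rather than eliminate the risk, as the message already says.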