
Merged pull request #12 from richmarr/master.

Added protection against XSS cookie-theft attacks
commit a2e5c874104dfb11ce282dd7cec656835ad9e271 2 parents e09b31f + 899a4a7
@caolan authored
Showing with 2 additions and 2 deletions.
  1. +2 −2 lib/cookie-sessions.js
4 lib/cookie-sessions.js
@@ -39,13 +39,13 @@ var exports = module.exports = function(settings){
if ("cookie" in req.headers) {
cookiestr = escape(s.session_key) + '='
+ '; expires=' + exports.expires(0)
- + '; path=/';
+ + '; path=/; HttpOnly';
}
} else {
cookiestr = escape(s.session_key) + '='
+ escape(exports.serialize(s.secret, req.session))
+ '; expires=' + exports.expires(s.timeout)
- + '; path=/';
+ + '; path=/; HttpOnly';
}
if (cookiestr !== undefined) {
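Review bot: Both `+` lines hard-code the same attribute suffix, `'; path=/; HttpOnly'`, once in the branch that expires the cookie and once in the branch that writes the session, so the two copies have to be kept in sync by hand. Neither cookie string visible in this hunk sets `Secure`, so `HttpOnly` stops page script from reading the session cookie but the cookie is still sent over plain HTTP. Suggest building the suffix once and appending it in both branches, with a hypothetical opt-in setting read from `s` (next to `s.timeout` and `s.session_key`) that adds `; Secure` for HTTPS deployments. A test asserting that `HttpOnly` appears in the cookie string on both the expire path and the write path would keep this from regressing.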
