Hi, I thought to myself that it'll be more secure to make the Elgg session cookie HttpOnly
so it can't be accessed through JavaScript (for security).
If I do it, can it break anything?

Brett (@brett.profitt):
It's unsupported, but offhand and without looking at the code I don't think there's anything in core that accesses the cookie through JS. Give it a try and let us know what happens! You'll probably know quickly if things are messed up.

fiftyeight (@fiftyeight):
Thanks Brett, I'll post the results here.
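
One way to check the result after making the change, as an added example that is not part of the thread or of Elgg's code: parse the `Set-Cookie` response headers and report whether the session cookie is still readable by page scripts. The cookie name `Elgg` is an assumption, and the sample headers are constructed.

```javascript
// Added example: audit Set-Cookie headers for the HttpOnly flag.
// Sample headers are constructed; the session cookie name "Elgg" is an assumption.
const BEFORE = ['Elgg=abc123; path=/', 'theme=dark; Path=/'];
const AFTER = ['Elgg=abc123; path=/; httponly', 'theme=dark; Path=/'];

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');   // the value itself may contain '='
  if (eq < 1) return null;         // no cookie name: nothing to audit
  const attrs = new Map();
  for (const p of parts) {
    const i = p.indexOf('=');
    // Attribute names are case-insensitive (HttpOnly, httponly, HTTPONLY).
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? '' : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Names of cookies that page scripts could still read via document.cookie.
function scriptReadable(headers) {
  return headers
    .map(parseSetCookie)
    .filter((c) => c && !c.attrs.has('httponly'))
    .map((c) => c.name);
}

// 'httponly' only if every header that sets the session cookie carries the flag.
function auditSessionCookie(headers, sessionName) {
  const hits = headers.map(parseSetCookie).filter((c) => c && c.name === sessionName);
  if (hits.length === 0) return 'missing';
  return hits.every((c) => c.attrs.has('httponly')) ? 'httponly' : 'script-readable';
}

console.log('before:', auditSessionCookie(BEFORE, 'Elgg'), scriptReadable(BEFORE));
console.log('after: ', auditSessionCookie(AFTER, 'Elgg'), scriptReadable(AFTER));
```

Feed it the `Set-Cookie` lines copied from the browser's network tab after logging in; a `script-readable` result means the flag is not reaching the client.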