Ensure cookies are HTTPOnly

Description

See here for a possible solution for Lucee session cookies: http://bloginblack.de/2013/11/an-update-on-httponly-marked-cookies-in-railo-4-1/

Probably sensible to change the default to the cookie abstraction so that application cookies are httpOnly by default.

But check existing cookies, PRESIDEWORKFLOWSESSION + DEFAULTLOCALE
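
A way to carry out the "check existing cookies" step, as an added example (not code from this ticket or from the Preside project): it parses captured Set-Cookie response headers and lists the cookies sent without the HttpOnly attribute. The sample headers are constructed, and THEME and the allow_script_access parameter are hypothetical names.

```python
from typing import Dict, FrozenSet, Iterable, List


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split one Set-Cookie header value into name, value and attribute names."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    # Attribute names are case-insensitive; keep only the part before "=" so
    # that attribute values (e.g. Path=/httponly) are never mistaken for flags.
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def missing_httponly(
    set_cookie_headers: Iterable[str],
    allow_script_access: FrozenSet[str] = frozenset(),
) -> List[str]:
    """Return names of cookies set without HttpOnly, in header order.

    allow_script_access holds cookie names that client-side script is
    deliberately allowed to read (hypothetical allowlist, empty by default).
    """
    allowed = {n.upper() for n in allow_script_access}
    findings = []
    for raw in set_cookie_headers:
        cookie = parse_set_cookie(raw)
        if cookie["name"].upper() in allowed:
            continue
        if "httponly" not in cookie["attrs"]:
            findings.append(cookie["name"])
    return findings


# Constructed sample: one Set-Cookie header value per entry, as a response
# would send them. A plain substring search for "httponly" would wrongly pass
# the second (attribute value) and fourth (cookie value) entries.
SAMPLE_HEADERS = [
    "PRESIDEWORKFLOWSESSION=abc123; Path=/; HttpOnly",
    "DEFAULTLOCALE=en; Path=/httponly; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
    "CFID=1234; path=/; httponly; Secure",
    "THEME=HttpOnly; Path=/",
]

if __name__ == "__main__":
    for name in missing_httponly(SAMPLE_HEADERS):
        print(f"cookie set without HttpOnly: {name}")
```
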

Assignee

Unassigned

Reporter

Dominic Watson

Labels

None

Accepted

Yes

Fix versions

Priority

Medium