Services
Technology Web App Development Mobile App Development Windows App Development Database Development UI/UX Development Cloud Development SEO Digital Marketing Guest Posting Content Writing Artificial Intelligence Data Science ERP Development CRM Development CMS Development LMS Development Business Listing Blockchain Technology Startup Promotion
Products
Data Converter Cleaner TUC - Unit Converter Import Export Survey Manager Tweet Controller
Developer
Article Blog Forum Interview Beginner News Startup Quiz
Users
Career
Apply Job Internship
Pricing
Login Sign Up Get a Quote

interview

home / developersection / interviews / how can you secure your http cookies against xss attacks?
Ask Question
Shrikant Mishra
Shrikant Mishra

Content Writer

I'm a professional writer and Business Development with more than 10 years of experience. I have worked for a lot of businesses and can share sample works with you upon request. Chat me up and let's get started.

Message

1 Answers

Shrikant Mishra
Shrikant Mishra 19 Jan 2021
Report Abuse

Cross site scripting (XSS) occurs when the attacker injects executable JavaScript code into the HTML response.

To reduce these attacks, we have to set flags on the set_cookies HTTP header:

HttpOnly - it attribute is used to help prevent attacks such as cross-site scripting since it does not allow the cookie to be accessed via JavaScript.

Secure - it attribute tells the browser to only send the cookie if the request is being sent over HTTPS.

So it would look something like this: 

Set-Cookie: sid=<cookie-value>; HttpOnly.

Whether, you are using Express, with express-cookie session, it is working by default.

MindStick Training