Secure cookie with HttpOnly and Secure in Apache Ubuntu

By -

 This is a new security feature introduced by Microsoft in IE 6 SP1 to mitigate the possibility of a successful Cross-Site scripting attack by not allowing cookies with the HTTP only attribute to be accessed via client-side scripts.

We can mitigate most common XSS attacks in our web application using HttpOnly and Secure flag with cookie.

Implementation Procedure in Apache2

  • Ensure that mod_headers.so are enabled in Apache HTTP server
  • Add below line in httpd.conf 
          Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
  • Restart Apache HTTP server to test ( sudo systemctl restart apache2 )

Note: You can check either leverage the browser’s inbuilt developer tools to check the response header or use an online tool.

Comments

Post a Comment

Popular posts from this blog

Creating Protected routes in ReactJS

By -
Protected routes are very important for any web application. Below are the code to create authenticated routes that only certain users can access based on their authentication roles. import   React , {  Component  }  from   'react' ; import  {  BrowserRouter   as   Router ,  Route ,  Switch ,  Redirect  }  from   'react-router-dom' ; import   commonService   from   './core/services/commonService' ; import   './App.css' ; import   Loader   from   './views/Loader/Loader' ; // Containers const   FrontEndLayout  =  React . lazy (()  =>   import ( './containers/FrontEndLayout/FrontEndLayout' )); const   UserLayout  =  React . lazy (()  =>   import ( './containers/UserLayout/UserLayout' )); const   loading  = ()  =>   < Loader   /> ; class   App   extends   Component  {    render (){      return  (        < Router >            < React.Suspense   fallback = { loading () } >    
Read more

Redirect http to https in codeigniter

By -
Follow below steps to redirect you non-http site to https without using .htaccess Change Configuration: go to application/config/config.php and enable hooks to true              $config['enable_hooks'] = TRUE; Create new file hooks.php if not exist other wise open file and paste code           $hook['post_controller_constructor'][] = array(                                 'function' => 'redirect_ssl',                                 'filename' => 'ssl.php',                                 'filepath' => 'hooks'                                 ); Now create a new folder hooks if not exist under application folder and then create new file ssl.php and add below code to ssl.php  <?php function redirect_ssl() {     $CI =& get_instance();     $class = $CI->router->fetch_class();     $exclude =  array('client');     if(!in_array($class,$exclude)) {       $CI->c
Read more