MyBB Community Forums

Full Version: help to secure cookies add
How to add the HttpOnly attribute in the Set-Cookie response header configuration, or this statement: "Set-Cookie: MeinCookie=MeinWert; path=/; HttpOnly"?
Can you please elaborate on your question? MyBB already does this, e.g. for authentication cookies.
To add the HttpOnly attribute to the Set-Cookie header in MyBB, you can follow these steps:

1. Log in to your MyBB Admin Control Panel (ACP).
2. Go to Configuration > Settings > General Configuration.
3. Scroll down to the "HTTP Header Options" section.
4. In the "Response Header Options" box, add the following code:
header('Set-Cookie: MeinCookie=MeinWert; path=/; HttpOnly');

Replace "MeinCookie" with the name of your cookie and "MeinWert" with the value you want to set.

5. Save your changes by clicking on the "Save Settings" button.

This will add the HttpOnly attribute to the Set-Cookie header for your MyBB forum. This attribute ensures that the cookie can only be accessed through HTTP(S) requests and not by client-side scripts, making it more secure against attacks such as cross-site scripting (XSS).
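
To confirm which cookies a response actually marks HttpOnly, the attribute this thread is about, the Set-Cookie headers can be checked directly. The Python code below is an added example, not part of the thread or of MyBB; the function names are hypothetical and the header lines are constructed sample input, apart from the MeinCookie line quoted in the thread.

```python
# Added example: report which Set-Cookie headers lack HttpOnly, Secure or SameSite.
# Function names are hypothetical; the sample headers are constructed for illustration.

REQUIRED = [("HttpOnly", "httponly"), ("Secure", "secure"), ("SameSite", "samesite")]

# Constructed response headers. The first Set-Cookie line is the one quoted in the thread.
SAMPLE_RESPONSE_HEADERS = [
    "Content-Type: text/html; charset=UTF-8",
    "Set-Cookie: MeinCookie=MeinWert; path=/; HttpOnly",
    # The cookie *value* is the string "HttpOnly"; that is not the attribute.
    "set-cookie: theme=HttpOnly; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
    "Set-Cookie: session=abc123; Path=/; Secure; httponly; SameSite=Lax",
]


def parse_set_cookie(header_value):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    parts = header_value.split(";")
    # The first segment is name=value; the value itself may contain '='.
    name, _, value = parts[0].strip().partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.strip().partition("=")
        if key:
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.lower()] = val.strip()
    return name, value, attrs


def audit_cookies(header_lines):
    """Map each cookie name to the list of security attributes it is missing."""
    findings = {}
    for line in header_lines:
        field, sep, value = line.partition(":")
        # Header field names are case-insensitive; skip everything but Set-Cookie.
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        findings[name] = [label for label, key in REQUIRED if key not in attrs]
    return findings


if __name__ == "__main__":
    for name, missing in audit_cookies(SAMPLE_RESPONSE_HEADERS).items():
        print(f"{name}: " + ("ok" if not missing else "missing " + ", ".join(missing)))
```

Whether a missing attribute matters depends on the cookie: one that client-side script has to read cannot be HttpOnly.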