help to secure cookies add
#1
how to add HttpOnly attribute in Set-Cookie-Response-Header configuration or this statement "Set-Cookie: MeinCookie=MeinWert; path=/; HttpOnly

"
Reply
#2
Can you please eleborate your question? MyBB already does this e.g. for authentification cookies.
[Image: banner.png]
Reply
#3
To add the HttpOnly attribute to the Set-Cookie header in MyBB, you can follow these steps:

1. Log in to your MyBB Admin Control Panel (ACP).
2. Go to Configuration > Settings > General Configuration.
3. Scroll down to the "HTTP Header Options" section.
4. In the "Response Header Options" box, add the following code:
header('Set-Cookie: MeinCookie=MeinWert; path=/; HttpOnly');

Replace "MeinCookie" with the name of your cookie and "MeinWert" with the value you want to set.

5. Save your changes by clicking on the "Save Settings" button.

This will add the HttpOnly attribute to the Set-Cookie header for your MyBB forum. This attribute ensures that the cookie can only be accessed through HTTP(S) requests and not by client-side scripts, making it more secure against attacks such as cross-site scripting (XSS).
Why is MyBB FREE? Because "Free never tasted so good"!
And what we (the users) can do is [...]
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)