HTTPOnly ?

The XSall implementation of OpenSignOn is not using the HTTPOnly flag now. I don’t see any XSS problems but perhaps it would not hurt to implement it. An extra wall always helps.


Comments

Comments are closed.