•  
     

Ativando cookie_httponly

PHP

Código: Selecionar todos

ini_set( 'session.cookie_httponly', 1 );


IIS

Código: Selecionar todos

	<rewrite>
        <outboundRules>
            <rule name="Add HttpOnly" preCondition="No HttpOnly">
                <match serverVariable="RESPONSE_Set_Cookie" pattern=".*" negate="false" />
                <action type="Rewrite" value="{R:0}; HttpOnly" />
                <conditions>
                </conditions>
            </rule>
            <preConditions>
                <preCondition name="No HttpOnly">
                    <add input="{RESPONSE_Set_Cookie}" pattern="." />
                    <add input="{RESPONSE_Set_Cookie}" pattern="; HttpOnly" negate="true" />
                </preCondition>
            </preConditions>
        </outboundRules>
    </rewrite>


.htaccess

Código: Selecionar todos

<IfModule php5_module>
    php_flag session.cookie_httponly on
</IfModule>