Is there a way to know that a cookie is "HTTP Only" on the first user request?
As I was reading the session fixation article on OWASP, I was thinking that the only way for my server to refuse a cookie set by a rogue script would be for my server to know that the browser sent a request without the HTTP-O…