Pooled IP access question

Cantor, Scott cantor.2 at osu.edu
Tue Apr 1 18:32:10 EDT 2014

On 4/1/14, 6:22 PM, "Mike Flynn" <shibbolethlynda at yahoo.com> wrote:

>OK, so it sounds like even with HttpOnly, I am introducing a

A point of weakness/attack certainly.

>  If I set HttpOnly on the cookie property, will that affect all users
>with existing cookies?

No. You can look it up and research what it does and what the limitations
are, but unless you do very questionable things with Javascript, it
doesn't hurt anything. It's nothing to do with Shibboleth, it's just a
standard form of cookie protection.

-- Scott

More information about the users mailing list