Pooled IP access question
Cantor, Scott
cantor.2 at osu.edu
Tue Apr 1 18:32:10 EDT 2014
On 4/1/14, 6:22 PM, "Mike Flynn" <shibbolethlynda at yahoo.com> wrote:
>OK, so it sounds like even with HttpOnly, I am introducing a
>vulnerability.
A point of weakness/attack certainly.
> If I set HttpOnly on the cookie property, will that affect all users
>with existing cookies?
No. You can look it up and research what it does and what the limitations
are, but unless you do very questionable things with Javascript, it
doesn't hurt anything. It's nothing to do with Shibboleth, it's just a
standard form of cookie protection.
-- Scott
More information about the users
mailing list