DEV Community

Secure your Cookies (Secure and HttpOnly flags)

Damien Jubeau on March 20, 2017

Cookies are ubiquitous on the web because they let publishers store data directly in the user's browser. Especially used to identify the user...
Neil Madden

There is now a draft SameSite attribute for cookies that is also worth setting to prevent CSRF attacks.
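As an added example (not code from the original article or from anyone in this thread), the snippet below builds a Set-Cookie header carrying the three attributes under discussion, Secure, HttpOnly and SameSite, and audits an existing header for the ones it is missing. The function names and the sample cookie values are assumptions; the parsing is done by hand so the example runs without a web framework.

```python
"""Build and audit Set-Cookie headers for the Secure, HttpOnly and SameSite
attributes. Added example, not code from the original post; the helper
names and sample headers below are assumptions."""
from typing import Dict, List, Optional, Union


def build_set_cookie(name: str, value: str, *, secure: bool = True,
                     httponly: bool = True, samesite: str = "Lax",
                     path: str = "/", max_age: Optional[int] = None) -> str:
    """Return a Set-Cookie header value with hardened defaults.

    Secure   -> the browser only sends the cookie over HTTPS.
    HttpOnly -> document.cookie cannot read it (limits token theft via XSS).
    SameSite -> the browser withholds it on cross-site requests (limits CSRF).
    """
    if samesite not in ("Strict", "Lax", "None"):
        raise ValueError("SameSite must be Strict, Lax or None")
    if samesite == "None" and not secure:
        # Modern browsers reject SameSite=None cookies that are not also Secure.
        raise ValueError("SameSite=None requires the Secure attribute")
    parts = [f"{name}={value}", f"Path={path}"]
    if max_age is not None:
        parts.append(f"Max-Age={max_age}")
    if secure:
        parts.append("Secure")
    if httponly:
        parts.append("HttpOnly")
    parts.append(f"SameSite={samesite}")
    return "; ".join(parts)


def parse_set_cookie(header: str) -> Dict[str, Union[str, bool]]:
    """Split a Set-Cookie value into lower-cased attributes.

    Attribute names are case-insensitive (RFC 6265); bare attributes such as
    Secure and HttpOnly map to True, valued ones map to their value.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    attrs: Dict[str, Union[str, bool]] = {}
    for part in parts[1:]:  # parts[0] is the name=value pair itself
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            attrs[part.lower()] = True
    return attrs


def audit_set_cookie(header: str) -> List[str]:
    """Return a list of findings; an empty list means the cookie is hardened."""
    attrs = parse_set_cookie(header)
    findings: List[str] = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from JavaScript")
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append("missing SameSite: set Lax or Strict explicitly")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure: browsers reject this")
    return findings


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real site.
    weak = "session=abc123; Path=/"
    hardened = build_set_cookie("session", "abc123", max_age=3600)
    for h in (weak, hardened):
        print(h, "->", audit_set_cookie(h) or "OK")
```

Run the audit over the Set-Cookie headers your own server emits (for example from a captured HTTPS response) to spot session cookies that lack one of the three attributes; SameSite=Lax is the usual starting point, with Strict for cookies that never need to accompany a top-level navigation from another site.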

Damien Jubeau

Totally! I was planning another article to follow up about this in a couple weeks. Thanks Neil.

Neil Madden

Excellent!

Giovanni Villegas

Hi Damien, thanks for the article. In this phrase, do you mean “httpOnly” instead of “secure”:

"The “secure” flag blocks the cookies usage via Javascript"

?

Damien Jubeau

Hi Giovanni,

Thanks for pointing that out; I've got it fixed!

Giovanni Villegas

That was fast; you are welcome!

Damien Jubeau

Being fast is mandatory when working in the webperf field ;)