XSS defense: PHP uses HttpOnly to prevent XSS attacks
Needless to say, the concept of Or session hijacking, if it contains a lot of sensitive information (identity information, administrator information, etc.), it's over...
The following JavaScript is used to obtain cookie information:
Generally, cookies are read from the document object. When a cookie is set, browsers now generally accept a parameter called HttpOnly, alongside other parameters such as domain. Once HttpOnly is set, the cookie is no longer visible in the browser's document object.
Setting HttpOnly in PHP:
For PHP versions prior to PHP 5.1, this is done via:
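As an added example (not the original article's code), the PHP script below sets an HttpOnly cookie with setcookie(), builds the equivalent raw Set-Cookie header for older PHP versions, and checks a list of response headers for cookies that lack the flag. The function names, cookie names and values are constructed for illustration.

```php
<?php
// Added example; cookie names and values are constructed.

// setcookie(): the 7th argument (httponly, PHP 5.2.0+) hides the cookie
// from document.cookie; the 6th (secure) restricts it to HTTPS.
function set_httponly_cookie($name, $value) {
    return setcookie($name, $value, 0, '/', '', true, true);
}

// Older PHP without that argument: emit the raw header instead.
function httponly_cookie_header($name, $value) {
    return 'Set-Cookie: ' . rawurlencode($name) . '=' . rawurlencode($value)
         . '; path=/; HttpOnly';
}

// Return the names of cookies in a list of response headers that are
// set without the HttpOnly attribute (match is case-insensitive).
function cookies_missing_httponly(array $headers) {
    $missing = array();
    foreach ($headers as $header) {
        if (stripos($header, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        // 11 = strlen('Set-Cookie:'); first part is "name=value"
        $parts = array_map('trim', explode(';', substr($header, 11)));
        list($name) = explode('=', array_shift($parts), 2);
        $hasFlag = false;
        foreach ($parts as $attribute) {
            if (strcasecmp($attribute, 'HttpOnly') === 0) {
                $hasFlag = true;
            }
        }
        if (!$hasFlag) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Constructed sample headers; under a web server, pass headers_list().
$sample = array(
    'Content-Type: text/html; charset=utf-8',
    httponly_cookie_header('sid', 'abc123'),
    'Set-Cookie: theme=dark; path=/',
    'set-cookie: admin=1; Path=/; httponly; Secure',
);
print_r(cookies_missing_httponly($sample));
```

Run from the command line, the script lists only the `theme` cookie, the one set without HttpOnly.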
Finally, HttpOnly is not a panacea!