- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
ID: go-security/session-http-only
Language: Go
Severity: Info
Category: Security
CWE: 1004
By setting the “HTTP-only” flag in session cookies, web developers effectively restrict the client-side access to the session cookie. This means that the cookie can only be accessed and transmitted over a secure HTTP connection, preventing it from being accessed by JavaScript code or through client-side scripting attacks such as cross-site scripting (XSS).
Here are some good coding practices to avoid session cookie vulnerabilities:
By implementing these good coding practices, developers can mitigate session cookie vulnerabilities and enhance the security of web applications.
import (
"github.com/gorilla/sessions"
)
func main () {
session = sessions.Options {
Path: "/",
MaxAge: 3600,
HttpOnly: false,
}
}
import (
"github.com/gorilla/sessions"
)
func main () {
session = sessions.Options {
Path: "/",
MaxAge: 3600,
HttpOnly: true,
}
}