Showing 1 result for: December 2008 ×ModSecurity Rules ×

Fixing Both Missing HTTPOnly and Secure Cookie Flags

In a previous post I showed how you can use both ModSecurity and Apache together to identify/modify SessionIDs that are missing the HTTPOnly flag. I received some feedback where people were asking how to accomplish the same thing but for...