Sign Up

Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.

Sign In

Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.

Forgot Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

You must login to ask a question.

Please briefly explain why you feel this question should be reported.

Please briefly explain why you feel this answer should be reported.

Please briefly explain why you feel this user should be reported.

Search

Ask A Question

0

Editorial Team

Asked: May 27, 20262026-05-27T15:43:56+00:00 2026-05-27T15:43:56+00:00

If I already set SSL for my application server, do I still need to

0

If I already set SSL for my application server, do I still need to set HttpOnly for the cookies?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team
2026-05-27T15:43:57+00:00Added an answer on May 27, 2026 at 3:43 pm
Yes. The two flags have nothing to do with each other (both are security/privacy options, though)

“Secure” means that the cookie will only be sent over encrypted connections

“HttpOnly” means that the cookie will not be visible to Javascript

You could still have XSS on an HTTPS page, for example (and then an evil script could eat your cookie).
0

Reply

Share
Share

Share on Facebook

Share on Twitter

Share on LinkedIn

Share on WhatsApp

Report