19 August 2008

Just a quick note about secure cookies

In response to the recent Google HTTPS flaw discovery (don't worry, it's nothing major -- just a technical point), I've now decided to start adding the "secure" flag to all of my cookies, as well.

There's an easy way to do it with Ext, too, and I did this right away with my cookie-settings scripts in Domino.

In your cookie setting function, after whatever assignment you use to create the "Path" part of the cookie, just add:

(Ext.isSecure ? ";secure" : "")

So, the end of your cookie string should look somewhat akin to:

;path=/;secure

And that's it! Now, just check your cookies in FireCookie to see the "secure" flag taking effect.
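A complete cookie-setting function built around that one line, as an added example (not the code from my Domino scripts): `isSecurePage`, `buildCookie` and `setCookie` are hypothetical helper names, and only `Ext.isSecure` comes from Ext itself.

```javascript
// Added example: append ";secure" right after the path part, but only when
// the page itself was loaded over HTTPS. Helper names are hypothetical.

// Fallback for pages without Ext: same idea as Ext.isSecure.
function isSecurePage(loc) {
  return !!loc && String(loc.protocol).toLowerCase() === "https:";
}

// Build the cookie string. "secure" is passed in so the logic can be
// checked without a browser.
function buildCookie(name, value, opts, secure) {
  opts = opts || {};
  var parts = [encodeURIComponent(name) + "=" + encodeURIComponent(value)];
  if (opts.expires instanceof Date) {
    parts.push("expires=" + opts.expires.toUTCString());
  }
  if (opts.domain) {
    parts.push("domain=" + opts.domain);
  }
  parts.push("path=" + (opts.path || "/"));
  // The line from the post. With the flag set, the browser only sends the
  // cookie back over HTTPS. On a plain-HTTP page the flag is left off, so
  // that cookie still travels unencrypted.
  return parts.join(";") + (secure ? ";secure" : "");
}

// Browser entry point: prefer Ext.isSecure, fall back to location.protocol.
function setCookie(name, value, opts) {
  var secure = (typeof Ext !== "undefined")
    ? !!Ext.isSecure
    : isSecurePage(typeof location !== "undefined" ? location : null);
  var cookie = buildCookie(name, value, opts, secure);
  if (typeof document !== "undefined") {
    document.cookie = cookie;
  }
  return cookie;
}
```

Session cookies that should never go out in clear text are better set only from HTTPS pages, so the conditional always resolves to ";secure".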

2 comments:

  1. No prob! I wonder if there's a way to get the standard Domino session variable to use this, as well, since they must've forgotten to turn it on.
