Cookie Security #267

LokiDieKatze · 2022-03-10T14:38:48Z

LokiDieKatze
Mar 10, 2022

Few question about the security of cookies.
What step allows the encryption of the data?
Is it possible to enable the httpOnly property etc. ?
What other security layer is offered by cookiconsent?

Answered by tillsanders

Mar 10, 2022

I believe there is no encryption baked into cookieconsent. That really depends on the cookies your application sets and wether it choses to encrypt them. Cookieconsent is only setting one cookie itself, which is the cc_cookie that contains the user settings. So I think you're looking in the wrong place. Or I misunderstood your question.

Regarding httpOnly – you cannot set those on the client. That is exactly what makes them (more) secure. More on that here: https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript

View full answer

tillsanders · 2022-03-10T15:35:35Z

tillsanders
Mar 10, 2022

I believe there is no encryption baked into cookieconsent. That really depends on the cookies your application sets and wether it choses to encrypt them. Cookieconsent is only setting one cookie itself, which is the cc_cookie that contains the user settings. So I think you're looking in the wrong place. Or I misunderstood your question.

Regarding httpOnly – you cannot set those on the client. That is exactly what makes them (more) secure. More on that here: https://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cookie Security #267

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Cookie Security #267

LokiDieKatze Mar 10, 2022

Replies: 1 comment

tillsanders Mar 10, 2022

LokiDieKatze
Mar 10, 2022

tillsanders
Mar 10, 2022