Wiki Article · Cinematic

HttpOnly Cookie

HttpOnly cookie ek special cookie flag hai jo browser ko instruction deta hai ki is cookie ko…

Overview

HttpOnly Cookie — Quick Facts

📌

Property: Detail

🎯

Full Name: HttpOnly Cookie Flag

⚡

Type: Cookie Security Attribute

🔑

Flag Name: HttpOnly

Topic 1

Infobox

📚 | Property | Detail | |---|---| | Full Name | HttpOnly Cookie Flag | | Type | Cookie…

Topic 2

Itihaas

💡

2002 — Microsoft IE6 SP1: HttpOnly…

🔑

2004–2008: Firefox, Opera, aur…

⚡

2011 — RFC 6265: IETF ne HttpOnly…

🎯

2012+: HttpOnly session cookies ke…

Topic 3

Kaise Kaam Karta Hai

🎯 Server Cookie Set Karta Hai Jab server koi cookie set karta hai, to Set-Cookie HTTP…

Topic 4

Cookie Flags Overview

💡

HttpOnly → XSS se cookie theft

🔑

Secure → HTTP par leak hone se

⚡

SameSite=Strict → CSRF attacks se

🎯

Max-Age → Indefinite session se

Topic 5

XSS Protection Mechanism

🔑 Bina HttpOnly (VULNERABLE) `mermaid flowchart TD A[Attacker: Malicious Script Inject Karo…

Topic 6

HttpOnly ka Lifecycle

✨ 1. User Login Karta Hai: Username/password submit hota hai. 2. Server Session Banata Hai:…

Topic 7

Real-Life Examples

💡

Browser yeh cookie automatically…

🔑

JavaScript se readable nahi hai.

⚡

Agar XSS vulnerability bhi ho,…

🎯

Refresh token sirf…

Topic 8

Limitations

🚀 HttpOnly important hai lekin akela sufficient nahi hai: | Limitation | Explanation |…

Topic 9

Best Practices

📚 1. Session cookies par hamesha HttpOnly lagao — yeh non-negotiable hai. 2. HttpOnly +…

Diagram

Visual Flow

📊 Diagram visualization — details in narration

Diagram

Visual Flow

📊 Diagram visualization — details in narration

Quiz — Question 1

HttpOnly Cookie ka sabse sahi definition kya hai?

Quick Quiz

Quiz — Question 2

HttpOnly Cookie ka 'Full Name' kya hai?

Complete! 🎉

HttpOnly Cookie Complete!

Aliens Wiki · HIEN · Cinematic Knowledge

✅

HttpOnly Cookie Complete

➡️

HttpOnly Cookie

HttpOnly Cookie — Quick Facts

Property: Detail

Full Name: HttpOnly Cookie Flag

Type: Cookie Security Attribute

Flag Name: HttpOnly

Infobox

Itihaas

2002 — Microsoft IE6 SP1: HttpOnly…

2004–2008: Firefox, Opera, aur…

2011 — RFC 6265: IETF ne HttpOnly…

2012+: HttpOnly session cookies ke…

Kaise Kaam Karta Hai

Cookie Flags Overview

HttpOnly → XSS se cookie theft

Secure → HTTP par leak hone se

SameSite=Strict → CSRF attacks se

Max-Age → Indefinite session se

XSS Protection Mechanism

HttpOnly ka Lifecycle

Real-Life Examples

Browser yeh cookie automatically…

JavaScript se readable nahi hai.

Agar XSS vulnerability bhi ho,…

Refresh token sirf…

Limitations

Best Practices

Visual Flow

Visual Flow

See Also

Cookie

HTTP Header

HTTP Response

Cross-Site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

HTTPS

Quiz — Question 1

Quiz — Question 2

HttpOnly Cookie Complete!

HttpOnly Cookie Complete

Cookie