"Encrypted Sessions Only" cookie (O4W) [Revelation On-Line Wiki]

O4W, Sonny Patterson, Jared Bratu

Join The Works program to have access to the most current content, and to be able to ask questions and get answers from Revelation staff and the Revelation community

At 05 JUL 2011 12:15:28PM Sonny Patterson wrote:

http://en.wikipedia.org/wiki/Cookiemonster_attack

I'm looking for a way to set the "Encrypted Sessions Only" bit on a cookie. O4WCookie() doesn't seem to have an option for this.

At 06 JUL 2011 08:31AM Jared Bratu wrote:

Sonny, If you use the INETAPI_SETCOOKIE api call (instead of the O4W-specific "O4WCookie" api call) you can specify the httponly and secure flags.

The syntax is:

Call INETAPI_setCookie(name, ivalue, expdate, exptime, path, domain, httponly, secure)

At 06 JUL 2011 01:12PM Sonny Patterson wrote:

Perfect, thanks!

View this thread on the Works forum...