试图摆脱警报“没有HttpOnly标志的Cookie集”

时间:2016-02-13 01:04:19

标签: php html cookies

编辑:我更改了代码以反映更改但是窗口仍然无法加载,有什么建议吗?我添加了“session_set_cookie_params” 标题始终编辑Set-Cookie(。*)“$ 1; HTTPOnly”

我一直收到警报“没有HttpOnly Flag的Cookie设置”我查找了不同的来源,但似乎没有给我一个明确的答案。以下是我的代码:

    <html>

<?php 
session_set_cookie_params
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
header ("X-Frame-Options: DENY"); 
header('X-Content-Type-Options: nosniff');
?>

<head>
   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>User Authenticate </title>
</head>
<body> 

<?php

    // Retrieve Post Data
    $username = $_POST["username"];
    $email = $_POST["emailadd"];


         // Set the session information
         session_start();  
         $_SESSION['appusername'] = $username; 
         $_SESSION['appemail'] = $email;
$newusername = filter_var($username, FILTER_SANITIZE_STRING);
if (!filter_var($email, FILTER_VALIDATE_EMAIL) ===false) {  
    echo "<h3> Session Data  </h3>";
    echo "<table border='1'>";
    echo "<tr>
            <td>Username </td>
            <td> Email </td>
             </tr>";
    echo "<tr>
            <td>" . $_SESSION['appusername'] . "</td>";
    echo  "<td>" . $_SESSION['appemail']. "</td>";
    echo   "</tr>";     
    echo "</table>";      

// Provide a button to logout

echo "<form name='logout' method='post' action='logout.php'> 
<input name='btnsubmit' type='submit' value='Logout'> 
</form>";

} else {
    echo("$email is not a valid email address");
}        


?>
</body>
</html>

我尝试添加“标题始终编辑Set-Cookie(。*)”$ 1; HTTPOnly“”但这只是使我的页面无法加载。我正在使用ZAP漏洞工具来查找网页上可能存在的漏洞。任何帮助将不胜感激。

0 个答案:

没有答案