I had the pleasure of spending a week trying to fix an issue with one of my sites. We have quarterly security scans on it and this last round they dinged us for not using secure and HTTPOnly cookies. Our server is using J2EE session variables. On ColdFusion 8 there […]

HTTPOnly and Secure Cookies