Forum Discussion
Kevin_Stewart
Sep 16, 2014Employee
I'd perhaps suggest two things:
-
Set the HTTPOnly flag on all cookies. It's of course not a 100% solution, but it would prevent most script-based access to cookies.
-
As WLB suggests, simply URI::encode the output value:
HTTP::respond 403 content "Error: variable [URI::encode $somevar] not in datagroup"