John_31769
Mar 11, 2011Nimbostratus
Set APM Cookies to HttpOnly
During an internal PEN test of our APM implementation, our Security group was able to inject some Java script and steal the 2 APM cookies MRHSession and Last_MRHSession. We think we could prevent this...