by jamessocol 5082 days ago
For click-jacking, the easiest thing to do is to set the X-Frame-Options header, but I'll get to that. And it doesn't help IE <= 7, so you need to weigh cost/benefit and your user base there.

And we'll get to session hijacking and why your session cookies in particular should always be HttpOnly and preferably secure.

1 comments

Thanks for the info, didn't know about the header.
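
The X-Frame-Options header and the HttpOnly/Secure cookie flags mentioned in this thread can be checked on a captured response. The following is an added example, not code from either commenter: the session cookie names and the sample response are constructed assumptions.

```python
# Added example: audit raw HTTP response headers for the defences named in the thread.
# Assumption: these are the names your application uses for session cookies.
SESSION_COOKIE_NAMES = {"sessionid", "sid"}

# Constructed sample response (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/\r\n"
    "\r\n"
    "<html></html>"
)

def parse_headers(raw):
    """Return (lowercased name, value) pairs, keeping repeated headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    headers = parse_headers(raw)
    xfo = [v.upper() for n, v in headers if n == "x-frame-options"]
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(xfo) > 1 or xfo[0] not in ("DENY", "SAMEORIGIN"):
        # Unknown or repeated values are not reliably enforced by browsers.
        findings.append("X-Frame-Options invalid: " + ", ".join(xfo))
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].partition("=")[0]
        if cookie_name not in SESSION_COOKIE_NAMES:
            continue  # only session cookies are required to carry both flags
        attrs = {p.partition("=")[0].lower() for p in parts[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"{cookie_name}: missing {flag}")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_RESPONSE))
```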