Y
Hacker News
new
|
ask
|
show
|
jobs
by
velis_vel
4566 days ago
> If i copy all of the cookies how will the server differentiate the hijacker from the user. They both have the same cookies.
If you set the cookies to be HTTP-only then you can't get at them from malicious JS.