A cookie may be set to be an HttpOnly cookie. Setting a cookie to be HttpOnly results in (Choose
two)
A.
Client to not expose the cookie to client side scripting code
B.
Does not work with https protocol
C.
prevent certain types of cross-site scripting attacks
D.
There is no such thing as an HttpOnly cookie
Explanation:
http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html
A,C
A, C
HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.
http://docs.oracle.com/javaee/6/api/javax/servlet/http/Cookie.html