Title: HttpOnly cookie
Last modified: August 22, 2016

---

# HttpOnly cookie

 *  Resolved [mdmower](https://wordpress.org/support/users/mdmower/)
 * (@mdmower)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/httponly-cookie/)
 * Is there a reason why you set the HttpOnly flag to false in the wp_dlm_downloading
   cookie? General practice is to set HttpOnly=true to avoid XSS vulnerabilities.
 * In includes/class-dlm-download-handler.php:
   `setcookie( 'wp_dlm_downloading', $download->id, time()+60, COOKIEPATH, COOKIE_DOMAIN, false );`
 * [https://wordpress.org/plugins/download-monitor/](https://wordpress.org/plugins/download-monitor/)

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Thread Starter [mdmower](https://wordpress.org/support/users/mdmower/)
 * (@mdmower)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/httponly-cookie/#post-5188657)
 * Err, that was a little misleading, you don’t actually “set” HttpOnly to false,
   but rather omitting the last boolean defaults it to false. So basically, it would
   be great if you could tack on another argument to setcookie for the set_httponly
   field:
 * `setcookie( 'wp_dlm_downloading', $download->id, time()+60, COOKIEPATH, COOKIE_DOMAIN, false, true );`
 *  Thread Starter [mdmower](https://wordpress.org/support/users/mdmower/)
 * (@mdmower)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/httponly-cookie/#post-5189061)
 * Closing this comment thread. Instead, track [pull request 206](https://github.com/download-monitor/download-monitor/pull/206)
   to see whether this is implemented or not.
 *  Plugin Contributor [Barry Kooij](https://wordpress.org/support/users/barrykooij/)
 * (@barrykooij)
 * [11 years, 4 months ago](https://wordpress.org/support/topic/httponly-cookie/#post-5189062)
 * Thanks, will have a look at this soon!
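
The omitted seventh argument discussed in this thread can be checked for across a code base. The following is an added example, not part of the original thread or of Download Monitor's code: a tokenizer-based audit that lists positional `setcookie()` calls whose `httponly` argument is omitted or literally `false`. The function name `find_non_httponly_setcookie` and the sample string are constructed for illustration.

```php
<?php
// Added example, not Download Monitor code. Positional signature:
// setcookie(name, value, expires, path, domain, secure, httponly)
function find_non_httponly_setcookie(string $source): array
{
    $tokens = token_get_all($source);
    $findings = [];
    for ($i = 0, $count = count($tokens); $i < $count; $i++) {
        $t = $tokens[$i];
        if (!is_array($t) || $t[0] !== T_STRING || strtolower($t[1]) !== 'setcookie') {
            continue;
        }
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) {
            $j++;                                   // whitespace before "("
        }
        if ($j >= $count || $tokens[$j] !== '(') {
            continue;
        }
        [$depth, $args] = [0, ['']];
        for (; $j < $count; $j++) {                 // split top-level arguments
            $text = is_array($tokens[$j]) ? $tokens[$j][1] : $tokens[$j];
            if ($text === '(' || $text === '[') {
                if (++$depth === 1) continue;       // the call's own "("
            } elseif ($text === ')' || $text === ']') {
                if (--$depth === 0) break;          // end of the call
            } elseif ($text === ',' && $depth === 1) {
                $args[] = '';
                continue;
            }
            $args[count($args) - 1] .= $text;
        }
        $args = array_map('trim', $args);
        if (preg_match('/^(\[|array\s*\()/i', $args[2] ?? '')) {
            continue;                               // options-array form: not checked here
        }
        $flag = $args[6] ?? '(omitted)';            // 7th argument is httponly
        if ($flag === '(omitted)' || strtolower($flag) === 'false') {
            $findings[] = ['line' => $t[2], 'cookie' => $args[0], 'httponly' => $flag];
        }
    }
    return $findings;
}
// Constructed sample: the two calls quoted in the thread.
$sample = "<?php\n"
    . "setcookie( 'wp_dlm_downloading', \$download->id, time()+60, COOKIEPATH, COOKIE_DOMAIN, false );\n"
    . "setcookie( 'wp_dlm_downloading', \$download->id, time()+60, COOKIEPATH, COOKIE_DOMAIN, false, true );\n";
print_r(find_non_httponly_setcookie($sample));
```

Only the six-argument call is reported. Calls whose flag is a variable or expression are not reported and need manual review.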


The topic ‘HttpOnly cookie’ is closed to new replies.


## Tags

 * [cookie](https://wordpress.org/support/topic-tag/cookie/)
 * [xss](https://wordpress.org/support/topic-tag/xss/)

 * 3 replies
 * 2 participants
 * Last reply from: [Barry Kooij](https://wordpress.org/support/users/barrykooij/)
 * Last activity: [11 years, 4 months ago](https://wordpress.org/support/topic/httponly-cookie/#post-5189062)
 * Status: resolved