One doc tagged with "http-only"

Mechanism and implementation of session-based authentication using HTTP-only Cookies