Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 299

An engineer is developing an application that must store the session information for a web app on the browser and the JavaScript code must be prevented from accessing the session cookie. What must be implemented to meet the requirements?

Answer options

• A. Enable the HttpOnly flag.
• B. Enable the secure flag.
• C. Use only POST requests.
• D. Use nonpersistent cookies.

Correct answer: A

Explanation

The correct answer is A, as enabling the HttpOnly flag prevents JavaScript from accessing the cookie, thereby enhancing security. Option B, enabling the secure flag, only ensures that the cookie is transmitted over secure connections. Option C, using only POST requests, does not directly relate to cookie access restrictions, and option D, using nonpersistent cookies, does not provide a solution to the JavaScript access issue.