UB HttpOnly Cookies


UltraBob - Bob McDonald

3rd Party (Free)

Creative Commons Attribution Share Alike Download v1.0

EE Version Support

  • ExpressionEngine 2


If an item is crossed out, it might be untested, not applicable or incompatible. Contact the developer to be sure.

  • Updater
  • Multi Site Manager
  • Stand Alone Entry Form
  • Low Variables
  • Content Elements
  • Better Workflow
  • Matrix
  • Grid
  • Webservice
  • Publisher


  • jQuery for the Control Panel

Add-On Type(s)



This extension is unnecessary after 2.8.0. This extension does one thing: enable HttpOnly cookies in EE2.

It really should be a config variable, but until it is, we have this.

Update: there is a config variable to do this as of 2.8.0 and it’s set to ‘yes’ by default: http://ellislab.com/expressionengine/user-guide/general/system_configuration_overrides.html#cookie-httponly-config

Download UB HttpOnly Cookies

EE Support Downloads Add-On Version Release Date
Not Specified Download 1.0 Nov 21, 2012

UB HttpOnly Cookies Links

This entry was created November 21, 2012, 10:08 am.
This entry was last updated April 29, 2014, 9:02 pm.

Disclaimer: Information about ExpressionEngine add-ons is provided as a service to you, the user, and every member of the ExpressionEngine community. devot:ee is not responsible if you hose, mangle, wreck, or otherwise destroy your EE website by installing an add-on that you found out about at this site, regardless of its rating, Favorites status, commercial or free status, or general popularity. Caveat EEmptor!

Returns: devot:ee has a 30-day return policy on all commercial add-ons sold through devot-ee.com. If you need to return an add-on, do not go to the developer or the developer's site, but rather visit our returns page at https://devot-ee.com/returns to initiate your return. If you have questions, email support@devot-ee.com.

1 Review:

monkeydo 11.21.12

Rating - {addon_rating_average}

For anyone who may not know why this is valuable (like I didn’t), this blog post is a good place to start: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html