{
"id":239021,
"date":"2026-03-05T13:48:09",
"date_gmt":"2026-03-05T12:48:09",
"guid":{"rendered":"https:\/\/www.whiteshield.net\/http-cookie-biztonsag-xss-elleni-vedelem-es-csrf-vedelem\/"},
"modified":"2026-03-26T17:51:53",
"modified_gmt":"2026-03-26T16:51:53",
"slug":"http-cookie-biztonsag-xss-elleni-vedelem-es-csrf-vedelem",
"status":"publish",
"type":"post",
"link":"https:\/\/www.whiteshield.net\/hu\/http-cookie-biztonsag-xss-elleni-vedelem-es-csrf-vedelem\/",
"title":{"rendered":"HTTP cookie security: XSS protection and CSRF protection"},
"content":{"rendered":"<p><b>What are cookies and what are they for?<\/b><\/p>\n<p>It is often a misconfigured cookie that quietly opens the door to session takeover on a website. Yet XSS protection and CSRF protection do not depend on a complex architecture, but on correctly setting three attributes.<\/p>\n<h1>What are cookies?<\/h1>\n<p>An HTTP cookie is a small piece of data that the web server sends to the client (most often a web browser), which the client stores and then automatically sends back to the server with subsequent HTTP requests.<\/p>\n<p>The reason cookies exist follows directly from how the HTTP protocol works. HTTP is fundamentally stateless: between two consecutive requests, the server has no information about whether it is talking to the same user. Cookies bridge this gap by carrying persistent information between the client and the server.<\/p>\n<p>In practice, cookies appear as key-value pairs that the server hands to the client in the HTTP response headers. The browser sends them back with every further request to the given domain.<\/p>\n<p>This mechanism makes the following possible:<\/p>\n<ul>\n<li>identifying the user,<\/li>\n<li>maintaining the logged-in state,<\/li>\n<li>preserving the context the application needs in order to operate.<\/li>\n<\/ul>\n<p>A significant share of modern web applications is unthinkable without cookies, since they provide the continuity of the user experience and the logical operation of the application.<\/p>\n<h2>More about cookies<\/h2>\n<p>It is important to stress that a cookie does not necessarily contain business or personal data. In many cases it carries only an identifier, and the actual state that belongs to it lives on the server side.<\/p>\n<p>Technically, however, it is always stored on the client side and managed by the browser. In other words, it is potentially accessible to the user, or to a malicious actor. This property fundamentally determines the security risks associated with cookies.<\/p>\n<p>Because the cookie is sent automatically with every relevant HTTP request, it plays a particularly sensitive role in authentication and authorization. A compromised cookie can be enough to take over a user's session, even if the password itself is never exposed. A cookie is therefore not merely a convenience feature, but a central element of web security.<\/p>\n<p>The security of a cookie thus depends not only on the data it stores, but also on what restrictions apply to its use.<\/p>\n<h2>Cookie attributes: the big picture<\/h2>\n<p>At first glance, the attributes of a cookie may look like minor technical details. In reality, they form one of the most important lines of defence in web security.<\/p>\n<p>They determine:<\/p>\n<ul>\n<li>in what environment the cookie is accessible;<\/li>\n<li>when it is sent;<\/li>\n<li>over which channel it may be used.<\/li>\n<\/ul>\n<p>Although the right settings can make entire classes of attack significantly harder, practice shows that these attributes are often omitted or left at insecure default values. The reason is usually not malice but priorities: functionality comes before security configuration.<\/p>\n<p>Yet the correct use of the HttpOnly, Secure and SameSite attributes is not extra protection; it is part of basic cyber hygiene.<\/p>\n<h2>HttpOnly is a cornerstone of XSS protection<\/h2>\n<p>The purpose of the <a href=\"https:\/\/learn.microsoft.com\/en-us\/dotnet\/api\/system.web.httpcookie.httponly?view=netframework-4.8.1\">HttpOnly<\/a> attribute is simple: it prevents the cookie from being accessible from JavaScript. If a cookie carries the HttpOnly flag, the browser guarantees that it cannot be read, modified or forwarded by client-side scripts. It is sent only as part of HTTP requests.<\/p>\n<p>Its importance becomes especially clear in the case of XSS (cross-site scripting) attacks. In a successful XSS attack, the attacker can run arbitrary JavaScript code in the user's browser. And if the session identifier cookie is accessible from JavaScript, stealing it is trivial.<\/p>\n<p>HttpOnly by itself does not prevent the XSS vulnerability. It is nevertheless key to XSS protection, because it prevents the cookie from being read out and forwarded directly.<\/p>\n<p>HttpOnly is binary: it is either set or it is not. It has no alternative value, and there is no legitimate use case in which its absence would be justified for a cookie used for authentication. For exactly this reason, setting HttpOnly on every cookie that carries authentication, session or other security context is strongly recommended and can practically be regarded as a baseline requirement.<\/p>\n<h2>Secure and handling transport layer risks<\/h2>\n<p>The <a href=\"https:\/\/en.wikipedia.org\/wiki\/Secure_cookie\">Secure<\/a> attribute controls whether the cookie may be sent only over an encrypted HTTPS connection. If a cookie lacks the Secure flag, the browser sends it on unencrypted HTTP requests as well. This opens the way to network eavesdropping and theft of the session cookie.<\/p>\n<p>This is especially critical:<\/p>\n<ul>\n<li>on public Wi-Fi networks;<\/li>\n<li>on improperly configured subdomains;<\/li>\n<li>in legacy systems.<\/li>\n<\/ul>\n<p>A single unencrypted request can be enough to compromise a session. What matters is whether the Secure attribute is present or absent; there is no intermediate state. In a modern environment, where HTTPS is a baseline requirement, omitting the Secure flag quietly leaves a serious security hole open.<\/p>\n<h2>SameSite: the basic mechanism of CSRF protection<\/h2>\n<p>The <a href=\"https:\/\/learn.microsoft.com\/hu-hu\/entra\/identity-platform\/howto-handle-samesite-cookie-changes-chrome-browser?tabs=dotnet\">SameSite<\/a> attribute controls the circumstances under which the browser sends the cookie with requests initiated by other sites. It is directly one of the key elements of CSRF protection.<\/p>\n<p>SameSite can take three values:<\/p>\n<ul>\n<li><b>Strict<\/b>, in which case the browser sends the cookie only with requests originating from the same site;<\/li>\n<li><b>Lax<\/b>, which sends the cookie in certain navigation cases but blocks the typical CSRF patterns;<\/li>\n<li><b>None<\/b>, which sends the cookie in every case (Secure is mandatory).<\/li>\n<\/ul>\n<p>Modern browsers are shifting their default towards Lax, which shows clearly that CSRF protection is no longer optional but an expected baseline.<\/p>\n<p>Correct SameSite configuration significantly reduces the chance that the user's browser automatically performs an authenticated action at the request of an external, malicious site.<\/p>\n<h2>Cookie security, done smartly<\/h2>\n<p>Cookies are a fundamental element of how the modern web works. By their nature, however, they also represent a significant security risk. Because they are stored on the client side and forwarded automatically, every misconfiguration opens a direct attack surface.<\/p>\n<p>The HttpOnly, Secure and SameSite attributes illustrate well that a considerable level of protection can be achieved with relatively simple settings.<\/p>\n<ul>\n<li>HttpOnly strengthens XSS protection.<\/li>\n<li>Secure reduces the risk of session hijacking.<\/li>\n<li>SameSite is one of the cornerstones of CSRF protection.<\/li>\n<\/ul>\n<p>Applying them does not replace fixing vulnerabilities or correct application logic, but they materially reduce the practical exploitability of attacks.<\/p>\n<p>The security maturity of a web application can often be measured by such \"small\" configuration decisions. We must not forget that the correct use of cookie attributes is not extra protection; it is the minimum, and its absence today is hard to defend professionally.<\/p>\n","protected":false},
"author":1,
"featured_media":239228,
"comment_status":"closed",
"ping_status":"closed",
"sticky":false,
"template":"",
"format":"standard",
"categories":[33],
"tags":[],
"class_list":["post-239021","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-application-test-hu"],
"yoast_head_json":{"title":"HTTP cookie security: XSS protection and CSRF protection - Whiteshield Ethical Hacking","description":"Cookie configuration plays a key role in XSS protection and CSRF protection. Deliberate attribute settings reduce the risk to web applications.","canonical":"https:\/\/www.whiteshield.net\/hu\/http-cookie-biztonsag-xss-elleni-vedelem-es-csrf-vedelem\/","og_locale":"hu_HU","og_type":"article","og_site_name":"Whiteshield Ethical Hacking","article_published_time":"2026-03-05T12:48:09+00:00","article_modified_time":"2026-03-26T16:51:53+00:00","og_image":[{"width":1066,"height":600,"url":"https:\/\/www.whiteshield.net\/wp-content\/uploads\/2026\/03\/cookie.png","type":"image\/png"}],"author":"whiteshield","twitter_misc":{"Szerz\u0151:":"whiteshield","Becs\u00fclt olvas\u00e1si id\u0151":"5 perc"}}
}