If "Enable cookies for the originating web site only" is set, should the script tag pass back a cookie when using the 'src' attribute? I've got a case where the main page sets a session id cookie with a path of /, but when <script> retrieves /javascript/md5.js, the cookie is _not_ sent to the server and so a new 'Set-Cookie' sets the session id to a new value. As a result, it is impossible to log in. If I change cookie security to "Enable all cookies", everything works.
This problem showed up some time after milestone .9.8. Thanks. Tom
