That depends on whether the src attribute points to a server that is in the same domain as the original request. From what you are describing, it sounds like the cookie should have been sent out. So file a bug report on this, giving all the details, and assign it to me (it will automatically get assigined to me if you set the component to cookies).
Of course third-party cookie testing just started working recently (prior to that the thir-party cookie test was pretty much being ignored), so that is why this problem just started showing up. -- Steve Morse Tom True wrote: > > If "Enable cookies for the originating web site only" is set, should > the script tag pass back a cookie when using the 'src' attribute? I've > got a case where the main page sets a session id cookie with a path of > /, but when <script> retrieves /javascript/md5.js, the cookie is _not_ > sent to the server and so a new 'Set-Cookie' sets the session id to a > new value. As a result, it is impossible to log in. If I change cookie > security to "Enable all cookies", everything works. > > This problem showed up some time after milestone .9.8. > > Thanks. > Tom
