jtaber wrote:
> There were some posts today on planet-php.org about the use of http-only
> cookies - apparently it's a way to hide the transmittal of cookie data.
> Anyone know anything about this and is it worthwhile to explore or
> utilize?

The brand-new Firefox 2.0.0.5 just implemented support for http-only
cookies.
These cookies must be supported by the browser, since it is just a flag
the server sends to the browser to instruct the browser to not leak the
information to JavaScript.
PHP 5.2 implemented some support for httpOnly cookies. A new 7th param
to setcookie() is a boolean to set the httpOnly flag.
There is also a new ini file directive, session.cookie-httponly, to make
session cookies automatically set the httpOnly flag.
http://us2.php.net/manual/en/ref.session.php#ini.session.cookie-httponly
It seems from reading the comments on
http://ilia.ws/archives/121-httpOnly-cookie-flag-support-in-PHP-5.2.html
that setting the flag doesn't break browsers that don't support the
flag. They just simply ignore the flag.
_______________________________________________
UPHPU mailing list
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
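
An added example (not part of the original thread) of the two PHP mechanisms mentioned above, followed by a small audit that lists cookies sent without the HttpOnly attribute. The function name, cookie names and sample headers are constructed for illustration; in php.ini and ini_set() the directive is spelled session.cookie_httponly, with an underscore.

```php
<?php
// Added example; cookie names, values and sample headers are constructed.

// Return names of cookies whose Set-Cookie line lacks the HttpOnly attribute.
function cookiesMissingHttpOnly(array $headerLines): array
{
    $missing = [];
    foreach ($headerLines as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {   // header names are case-insensitive
            continue;
        }
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $name  = explode('=', array_shift($parts), 2)[0];   // first part is name=value
        $flagged = false;
        foreach ($parts as $attr) {
            // Compare the whole attribute token, so a cookie *value* of
            // "httponly" is not mistaken for the flag.
            if (strcasecmp($attr, 'HttpOnly') === 0) {
                $flagged = true;
                break;
            }
        }
        if (!$flagged) {
            $missing[] = $name;
        }
    }
    return $missing;
}

if (PHP_SAPI !== 'cli') {
    // Web request: set the flag both ways described in the thread, then audit.
    ini_set('session.cookie_httponly', '1');            // before session_start()
    session_start();
    setcookie('prefs', 'compact', 0, '/', '', false, true);   // 7th argument: httponly
    $headers = headers_list();
} else {
    // Command line: audit constructed sample headers instead.
    $headers = [
        'Content-Type: text/html',
        'Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly',
        'Set-Cookie: prefs=compact; path=/',
        'set-cookie: tracker=httponly; Secure',
    ];
}

// Names of cookies still readable from script; an empty list means all are flagged.
print_r(cookiesMissingHttpOnly($headers));
```

Run from the command line it audits the constructed headers; served through a web SAPI it audits the headers PHP has queued for the current response.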