Firefox Now Supports HttpOnly Cookies

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Firefox Now Supports HttpOnly Cookies

Post by VladSun »

When a cookie is HttpOnly the web browser should (see note about firefox implementation below) not allow client side scripts such as JavaScript to have access to the cookie. This can help mitigate the effects of cross site scripting (XSS) attacks.
from http://www.petefreitag.com/item/644.cfm

It has PHP 5.2 support.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
The Phoenix
Forum Contributor
Posts: 294
Joined: Fri Oct 06, 2006 8:12 pm

Post by The Phoenix »

We've discussed them a few times here on dev net, but its really useful stuff!

Now Opera's latest alpha supports them, Firefox supports them, PHP 5.2 adds native support for them, IE supports them..

The ball is really rolling. I wonder if Safari supports them..
Post Reply