Page 1 of 1

Firefox Now Supports HttpOnly Cookies

Posted: Wed Sep 26, 2007 9:37 am
by VladSun
When a cookie is HttpOnly the web browser should (see note about firefox implementation below) not allow client side scripts such as JavaScript to have access to the cookie. This can help mitigate the effects of cross site scripting (XSS) attacks.
from http://www.petefreitag.com/item/644.cfm

It has PHP 5.2 support.

Posted: Wed Sep 26, 2007 10:40 am
by The Phoenix
We've discussed them a few times here on dev net, but its really useful stuff!

Now Opera's latest alpha supports them, Firefox supports them, PHP 5.2 adds native support for them, IE supports them..

The ball is really rolling. I wonder if Safari supports them..