[UPHPU] httponly cookies
lists at kittypee.com
Mon Jul 23 12:19:33 MDT 2007
> There were some posts today on planet-php.org about the use of http-only
> cookies - apparently it's a way to hide the transmittal of cookie data.
> Anyone know anything about this and is it worthwhile to explore or
> utilize?
The brand-new Firefox 220.127.116.11 just implemented support for http-only
These cookies must be supported by the browser, since it is just a flag
the server sends to the browser to instruct the browser to not leak the
PHP 5.2 implemented some support for httpOnly cookies. A new 7th param
to setcookie() is a boolean to set the httpOnly flag.
A new ini file directive session.cookie-httponly to make session cookies
auto flag the httpOnly flag.
It seems from reading the comments on
that setting the flag doesn't break browsers that don't support the
flag. They just simply ignore the flag.
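
An added example (not part of the original post, and not PHP project code) showing the two PHP 5.2 settings mentioned above, followed by a check that the flag actually appears on each Set-Cookie line. The helper cookiesMissingHttpOnly(), the cookie names and the sample header lines are constructed for illustration; the runtime ini key is written session.cookie_httponly, as php.ini spells it.

```php
<?php
// Added example: set the HttpOnly flag, then audit the Set-Cookie lines.

/**
 * Hypothetical helper: return the names of cookies whose Set-Cookie line
 * lacks the HttpOnly attribute. Attributes are compared exactly, so a
 * cookie *value* that merely contains "httponly" does not count.
 */
function cookiesMissingHttpOnly(array $headerLines): array
{
    $missing = [];
    foreach ($headerLines as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            continue; // not a cookie header
        }
        $parts = array_map('trim', explode(';', substr($line, strlen('Set-Cookie:'))));
        $name  = explode('=', array_shift($parts), 2)[0];
        $flagged = false;
        foreach ($parts as $attribute) {
            if (strcasecmp($attribute, 'HttpOnly') === 0) {
                $flagged = true;
                break;
            }
        }
        if (!$flagged) {
            $missing[] = $name;
        }
    }
    return $missing;
}

// Session cookie: runtime form of the ini directive, set before session_start().
ini_set('session.cookie_httponly', '1');
session_start();

// Application cookie: the 7th argument to setcookie() is the httpOnly boolean.
setcookie('prefs', 'dark', time() + 3600, '/', '', false, true);
// Constructed counter-example: no 7th argument, so no flag is sent.
setcookie('legacy', 'x', 0, '/');

// headers_list() is empty under the CLI SAPI, so fall back to constructed
// sample lines that mirror what the calls above produce under a web SAPI.
$lines = headers_list() ?: [
    'Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly',
    'Set-Cookie: prefs=dark; path=/; httponly',
    'Set-Cookie: legacy=x; path=/',
];

echo 'Cookies without HttpOnly: ', implode(', ', cookiesMissingHttpOnly($lines)), PHP_EOL;
```

The same helper can be pointed at response headers captured from a staging site to find cookies that still reach client-side script.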