http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#dom-document-cookie currently does not take HTTPOnly into account. There should at least be a note there that the user agent may not always reveal all cookies the Cookie header contains. Likewise, HTTPOnly cookies are not be overwritten by script. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>Received on Tuesday, 2 December 2008 09:07:32 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:40:24 GMT