W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

[XMLHttpRequest] withCredentials=false and returned cookies

From: David Levin <levin@chromium.org>
Date: Thu, 30 Jul 2009 11:46:55 -0700
Message-ID: <b902e34a0907301146y3c89eeaap4417205193ad3690@mail.gmail.com>
To: public-webapps@w3.org
In http://www.w3.org/TR/XMLHttpRequest2/#credentials, it
says: "The credentials flag ...indicates whether a non same origin request
includes cookie and HTTP authentication data...during the send() algorithm."

If withCredentials is false, it seems like the cookies returned from the
request shouldn't be stored either, but I couldn't find mention of this.
(Why should the cookies returned from this be stored and possibly interfere
with same origin requests, especially if the cookies aren't being sent?)

Is this true?

thanks, dave
Received on Thursday, 30 July 2009 18:47:39 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:18 UTC