- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 02 Dec 2008 10:06:51 +0100
- To: "HTML WG" <public-html@w3.org>
http://www.whatwg.org/specs/web-apps/current-work/multipage/dom.html#dom-document-cookie currently does not take HTTPOnly into account. There should at least be a note there that the user agent may not always reveal all cookies the Cookie header contains. Likewise, HTTPOnly cookies are not be overwritten by script. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Tuesday, 2 December 2008 09:07:32 UTC