W3C home > Mailing lists > Public > public-html@w3.org > December 2008

document.cookie and HTTPOnly

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 02 Dec 2008 10:06:51 +0100
To: "HTML WG" <public-html@w3.org>
Message-ID: <op.uli19pj364w2qv@annevk-t60.oslo.opera.com>

currently does not take HTTPOnly into account. There should at least be a  
note there that the user agent may not always reveal all cookies the  
Cookie header contains. Likewise, HTTPOnly cookies are not be overwritten  
by script.

Anne van Kesteren
Received on Tuesday, 2 December 2008 09:07:32 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:40 UTC