> Is there a way to set HttpOnly when creating a cookie with set response > cookie?
Currently there is no support for HttpOnly. I'll add support for that in v6.1. > Is this something I should even worry about? It helps to mitigate XSS attacks, but there are plenty of other ways to do that. See http://en.wikipedia.org/wiki/Cross-site_scripting. Regards, Aparajita _______________________________________________ Active4D-dev mailing list [email protected] http://list.aparajitaworld.com/listinfo/active4d-dev Archives: http://active4d-nabble.aparajitaworld.com/
