On Fri, 12 Nov 2010, Clinton Gormley wrote:
> http://en.wikipedia.org/wiki/HttpOnly#Cookie_theft Thanks, I will add this option to A2C session cookies when it's ready... no reason to be giving that away. > I had a read of your bug and the conversation it links to. > This isn't a bug in libapreq or Apache2::Cookie - some > process somewhere (and it could be from an advert on the > user's site) is setting an invalid cookie, which then gets > passed back to apache. > > Apache2::Cookie tries to parse it, and chokes on it, > throwing an error. However, you can change how you use > Apache2::Cookie to ignore the error and just retrieve > valid cookies as discussed in the conversation linked to > in that bug report: > http://comments.gmane.org/gmane.comp.apache.apreq/4477 Thanks for the confirmation! Mark