Just a note -- having implemented and deployed this (in userspace, not in php itself) -- setting the http_only flag kills the cookie in IE on the Mac. One would hope no one is using such a thing anymore, but I thought I'd point it out, and I'm definately in favor of the change. Maybe it will get Mozilla to finally implement it (and deal with a coookie file format change -- ooh, biggie).
-- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php