Quoting steve <[EMAIL PROTECTED]>: > Just a note -- having implemented and deployed this (in userspace, not > in php itself) -- setting the http_only flag kills the cookie in IE on > the Mac. One would hope no one is using such a thing anymore, but I > thought I'd point it out, and I'm definately in favor of the change. > Maybe it will get Mozilla to finally implement it (and deal with a > coookie file format change -- ooh, biggie). >
IE for Mac isn't part of our test suite here so I never gave it a check, frankly its no longer supported by Microsoft or Apple and has since been superseded by Safari. Suitable documentation can be added explaining the problem with IE for Mac though I suspect it has already disappeared through its lack of support for "Web 2.0". Our test results showed that Opera, Webkit, Gecko and IE based browsers had no problem with the cookie format sent, those which didn't support HttpOnly simply ignored it (Gecko). The Mozilla feature request is at https://bugzilla.mozilla.org/show_bug.cgi?id=178993 A patch was submitted after sponsorship from Live Journal but since the change wasn't backwards compatible with older versions of the browsers they refused to implement it. Cheers, Scott -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
