On Mon, Jan 3, 2011 at 11:36 PM, Jari Bakken <[email protected]> wrote: > Den 3. jan. 2011 kl. 23:55 skrev Simon Stewart <[email protected]>: > >> >> The constraint is laid down because we sometimes need to implement the >> cookie code in pure JS. >> At that point, the only cookies available are >> those that are visible in the current domain. The WebDriver API >> mirrors this constraint. It does mean that in those browsers where we >> have better integration with the browser the API is more constrained >> than it needs to be, but it also means that we have a consistent >> contract between browsers. > > For future reference, where is that?
Strictly speaking: that we only return cookies that would be visible using Javascript from the current frame that is selected. The tests are located at: http://code.google.com/p/selenium/source/browse/trunk/common/test/java/org/openqa/selenium/CookieImplementationTest.java >> Also, no-one's really got a good way of acknowledging HTTP only >> cookies. > > I'm not sure what that means. What are HTTP only cookies? Terrifying. They're cookies that are _not_ viewable from client-side scripts. I've not seen them much in the wild yet (no pun intended) http://tools.ietf.org/html/draft-ietf-httpstate-cookie-09 http://www.owasp.org/index.php/HttpOnly Simon _______________________________________________ Wtr-development mailing list [email protected] http://rubyforge.org/mailman/listinfo/wtr-development
