Hello Anonymonk,

What makes you think that # HttpOnly_* is a commented entry in that cookie-jar? In fact, curl can perfectly understand that HttpOnly_* entry if you visit a HTTP site and will silently ignore it for HTTPS sites. The reason for this is to prevent XSS attacks. If you're using libcurl or LWP, it should work just fine without you having to go mucking with that cookie file :-)

Read more about this here