Everything works as expected with the exception of the httponly flag which is not being set. I have used Firefox and Chrome to view the headers but neither show as having the httponly flag set.
How are you checking to see if the flag is set?
Tools + Options + Privacy + Show Cookies?
Yeah, I can confirm that widget doesn't indicate whether or not httponly is set, but the header is sent
$ perl -MCGI::Cookie -le " print CGI::Cookie->new( qw/ -name mycookie +/, -value => [qw/ foo bar /], qw/ -secure 1 -httponly 1 -expires +3M +/ ) " mycookie=foo&bar; path=/; expires=Thu, 10-May-2012 07:54:06 GMT; secur +e; HttpOnly
$ lwp-request -USEd http://localhost/cgi-bin/httponly.cgi GET http://localhost/cgi-bin/httponly.cgi User-Agent: lwp-request/6.03 libwww-perl/6.03 200 OK Connection: close Date: Fri, 10 Feb 2012 07:59:39 GMT Server: Apache/2.0.54 (Win32) mod_ssl/2.0.54 OpenSSL/0.9.7g PHP/4.3.11 + mod_perl/2.0.1 Perl/v5.8.9 Content-Type: text/html; charset=UTF-8 Client-Date: Fri, 10 Feb 2012 07:59:42 GMT Client-Peer: 127.0.0.1:80 Client-Response-Num: 1 Client-Transfer-Encoding: chunked Set-Cookie: mycookie=foo&bar; path=/; expires=Thu, 10-May-2012 07:59:4 +1 GMT; secure; HttpOnly Title: Untitled Document
From the Web Console ( Ctrl+Shift+K ) I can confirm that cookies set with httponly don't show up in document.cookie
So yeah, it works
In reply to Re: Cannot get httponly to work
by Anonymous Monk
in thread Cannot get httponly to work
by SquirrelHead
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |