Skip Menu |
 

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the CGI CPAN distribution.

Report information
The Basics
Id: 42990
Status: resolved
Priority: 0/
Queue: CGI

People
Owner: MARKSTOS [...] cpan.org
Requestors: bitcard [...] chimpychompy.org
Cc:
AdminCc:

Bug Information
Severity: Unimportant
Broken in: (no value)
Fixed in: (no value)



Subject: httponly cookie option now supported in more browsers than docs say?
Download (untitled) / with headers
text/plain 439b
The docs (CGI::Cookie) say that only IE6 supports httponly cookie option. However, according to: http://www.codinghorror.com/blog/archives/001167.html Opera 9.5, Internet Explorer 7, and Firefox 3 now support it. Also, accoding to: https://bugs.webkit.org/show_bug.cgi?id=10957 webkit/Safari may be getting there too. Would it be possible to update the docs to say there is more support now (but still not universal, obviously)?
Download (untitled) / with headers
text/plain 988b
On Tue Feb 03 05:32:52 2009, gss wrote: Show quoted text
> The docs (CGI::Cookie) say that only IE6 supports httponly cookie > option. > > However, according to: > > http://www.codinghorror.com/blog/archives/001167.html > > Opera 9.5, Internet Explorer 7, and Firefox 3 now support it. > > Also, accoding to: > > https://bugs.webkit.org/show_bug.cgi?id=10957 > > webkit/Safari may be getting there too. > > Would it be possible to update the docs to say there is more support > now (but still not > universal, obviously)?
Yes, it is possible. Please submit a doc patch against 3.43. A related issue is that at least one browser will fail to to read the cookie at all if httponly is present. That's IE On the Mac. This could potentially be addressed by silently dropping 'httponly' if we find a useragent that that matches this. This is similar to the approach the MediaWiki takes when dealing with httponly. There related bug report is here: https://bugzilla.wikimedia.org/show_bug.cgi?id=13905
Download (untitled) / with headers
text/plain 106b
I've now created a patch now to update the docs for HttpOnly to clarify that it is widely supported now.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.