Firefox and httpOnly

Seems like a little something slipped under the radar in the latest release of everyone’s favorite browser (Firefox – the introduction of httpOnly cookies. I know it’s not supported across the board, but it’s a step in the right direction.

As Alex mentions and includes a code snippet for, it’s as easy as setting a “httpOnly” parameter when creating the cookie to get it to work correctly.

What are httpOnly cookies? Well, the simple answer is that they protect your information in the cookie by making it inaccessible once they’ve been set so as to not allow other sites (or even the site that set it) to get at it. It can only be used when accessed by a HTTP request and *not* a script request.

Also, happily, PHP allows this to be set right along with the other parameters in setcookie as supported in PHP 5.2. No better time to upgrade, eh?


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>