Firefox and httpOnly

Seems like a little something slipped under the radar in the latest release of everyone’s favorite browser (Firefox): the introduction of httpOnly cookies. I know it’s not supported across the board, but it’s a step in the right direction.

As Alex mentions (and includes a code snippet for), it’s as easy as setting an “httpOnly” parameter when creating the cookie to get it to work correctly.

What are httpOnly cookies? Well, the simple answer is that they protect the information in the cookie by making it inaccessible to script once it has been set, so that script from other sites (or even script from the site that set it) cannot get at it. The cookie is only used when the browser sends it with an HTTP request, *not* when a script asks for it.

Also, happily, PHP lets you set this right along with the other parameters of setcookie, as supported in PHP 5.2. No better time to upgrade, eh?


2 Responses to “Firefox and httpOnly”

  1. Thats one PHP-5.2.x feature for Phorum-5.2 I’d like to use … « Another web-guy talking …

    [...] Cookies support in the setcookie-call. Now that Firefox supports it too (as mentioned here and here) the main browsers are supporting it. Internet Explorer seems to have been the first one [...]

  2. James Benson

    Microsoft invented this I think I remember someone else saying on their blog.
