[Webkit-unassigned] [Bug 10957] HttpOnly Cookie Option

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 22 13:51:34 PDT 2008


------- Comment #20 from rsesek at bluestatic.org  2008-05-22 13:51 PDT -------
(In reply to comment #19)
> (In reply to comment #18)
> > I think a code change to the WebCore/platform still needs to be made. Looking
> > at the various CookieJar classes, it looks like it will be up to WebCore to
> > disregard HttpOnly cookies -- they will still be passed to us from the
> > underlying network layer.
> I see. You're right -- it might turn out that way. Another design would be to
> have HttpOnly cookies entirely invisible to the old API and add new API that
> allows clients to see them. I guess we won't know what's required until this
> gets implemented by the networking layer.

Looking at Qt's implementation in the 4.5 snapshot, you get all the cookies and
then have to call isHttpOnly() on QNetworkCookie to figure out whether or not
you keep it in the CookieJar.

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list