26 Nov
2012
26 Nov
'12
7:14 p.m.
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=9102 --- Comment #7 from Chris Cormack <chris@bigballofwax.co.nz> --- Not sure about that Jonathan, since those ones are only used by the API, not rendered in a page. Possibly users of the API might want to interact with the cookie with javascript? More likely, since they wont be interacting with it with a browser that understands the httponly flag it will be ignored. We could add the flag just in case a user is tricked into going to a page from the api, that has been compromised and has xss in it. Maybe send a follow up, It can't really hurt to have it in it I think. -- You are receiving this mail because: You are watching all bug changes.