I ran across a blog today that was a pretty interesting read. It is about protecting your cookies by using HttpOnly flag when you set the cookie. Perhaps Drupal should tighten the security gap as well?

Protecting Your Cookies: HttpOnly

Comments

pwolanin’s picture

I added this to 7.x - we could backport to 6.x and 5.x, but it would only affect people running more recent PHP versions: http://drupal.org/node/280934
---
Work: Acquia.com

---
Work: BioRAFT