httpOnly cookies in PHP
Ilia, one of the PHP developers, has committed a patch by Scott MacVicar to CVS for PHP 5.2 that allows you to set an httpOnly cookie instead of a normal cookie. An httpOnly cookie is not accessible via JavaScript, which removes the possibility of some nefarious code trying to read your cookie.
This can be enabled in PHP 5.2 by passing TRUE as the 7th parameter to setcookie() and setrawcookie(). In versions below 5.2, you can set this by passing an additional header.
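Both approaches side by side, as an added example that is not from the original post or from PHP itself. The helper names build_httponly_cookie_header() and set_httponly_cookie() and the sample cookie values are hypothetical; the fallback assumes the "additional header" is a hand-built Set-Cookie line ending in the HttpOnly attribute.

```php
<?php
// Added example; helper names are hypothetical, not part of PHP.

// Build the raw Set-Cookie header line used as the fallback on PHP < 5.2.
function build_httponly_cookie_header($name, $value, $expire = 0, $path = '/', $domain = '', $secure = false)
{
    // Reject characters that would break the header or allow header injection.
    if ($name === '' || preg_match('/[=,; \t\r\n\013\014]/', $name)) {
        return false;
    }
    if (preg_match('/[;\r\n]/', $path . $domain)) {
        return false;
    }
    $header = 'Set-Cookie: ' . $name . '=' . rawurlencode($value);
    if ($expire > 0) {
        $header .= '; expires=' . gmdate('D, d-M-Y H:i:s', $expire) . ' GMT';
    }
    if ($path !== '') {
        $header .= '; path=' . $path;
    }
    if ($domain !== '') {
        $header .= '; domain=' . $domain;
    }
    if ($secure) {
        $header .= '; secure';
    }
    return $header . '; HttpOnly';
}

// Set an httpOnly cookie on any PHP version.
function set_httponly_cookie($name, $value, $expire = 0, $path = '/', $domain = '', $secure = false)
{
    if (version_compare(PHP_VERSION, '5.2.0', '>=')) {
        // PHP 5.2+: TRUE as the 7th parameter marks the cookie httpOnly.
        return setcookie($name, $value, $expire, $path, $domain, $secure, true);
    }
    $header = build_httponly_cookie_header($name, $value, $expire, $path, $domain, $secure);
    if ($header === false || headers_sent()) {
        return false; // invalid input, or too late to send headers
    }
    // Second argument FALSE appends instead of replacing earlier Set-Cookie headers.
    header($header, false);
    return true;
}

// Constructed sample values: a one-hour cookie, sent over HTTPS only.
set_httponly_cookie('session_id', 'abc123', time() + 3600, '/', '', true);
```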
August 11th, 2006