Expected output: Has 'normal' cookie. Does not have 'httpOnly' cookie. |
Expected output: Has 'normal' cookie. Has 'httpOnly' cookie. |
Expected output: Has 'normal' cookie. Has 'httpOnly' cookie. |
Browser | OS | Version | Cookie Setting | Browser | AJAX | Java | |
---|---|---|---|---|---|---|---|
Firefox | Vista | 3.6.3 | Do not accept third-party | Good | Good | No cookies at all | |
Firefox | Vista | 3.6.3 | Accept third-party | Good | Good | No httpOnly cookie | |
Safari | Vista | 3.2.2 | Only from sites you visit | Has httpOnly Ccookie | Good | Good | Safari 3 doesn't support protecting http-only cookies at all |
Safari | Vista | 3.2.2 | Always | Has httpOnly Ccookie | Good | Good | |
Safari | Vista | 4.0.5 | Only from sites you visit | Good | No httpOnly cookie | No httpOnly cookie | Safari 4 doesn't support http-only cookies at all |
Safari | Vista | 4.0.5 | Always | Good | No httpOnly cookie | No httpOnly cookie | |
Opera | Vista | 9.63 | Only from the site I visit | Good | Good | Good | |
Opera | Vista | 9.63 | All | Good | Good | Good | |
Chrome | Vista | 4.1.249 | Restrict third-party cookies | Good | Good | No httpOnly cookie | |
Chrome | Vista | 4.1.249 | All | Good | Good | No httpOnly cookie | |
IE | Vista | 8.0.6001 | High | No cookies at all | Good | No cookies at all | Consitent between JavaScript and Java |
IE | Vista | 8.0.6001 | Medium-High | Good | Good | No httpOnly cookie | |
IE | Vista | 8.0.6001 | Medium | Good | Good | No httpOnly cookie | |
IE | Vista | 8.0.6001 | All | Good | Good | No httpOnly cookie |
setcookie('normal', 'xxx', 0, '/', null, false, false); setcookie('httpOnly', 'xxx', 0, '/', null, false, true);
if (array_key_exists('normal', $_COOKIE) && $_COOKIE['normal'] == 'xxx') { echo "Has 'normal' cookie.\n"; } else { echo "Does not have 'normal' cookie.\n"; } if (array_key_exists('httpOnly', $_COOKIE) && $_COOKIE['httpOnly'] == 'xxx') { echo "Has 'httpOnly' cookie."; } else { echo "Does not have 'httpOnly' cookie.\n"; }