comments (not for humans)
The new version of Firefox supports HttpOnly cookies. Unfortunately though, as RSnake has written about here, the implementation has a vulnerability. Calling getAllResponseHeaders() on an XMLHttpRequest object reveals the cookie.[...]
Just read Kyan's post about Opera 9.5 including support for HttpOnly cookies. Nice.[...]
Vidar wrote an interesting article pointing me to HttpOnly cookies. Microsoft created this extension to the cookie standard to allow servers to issue cookies with a special HttpOnly flag. This flag makes the cookie inaccessible to JavaScript in supported browsers (currently only newer versions of IE support this feature fully).