The CMS is using SSL and therefore https.
My question is whether the HTTPonly switch will make any difference.
Am I setting it right:
setcookie(CookieName, 'Yes', time()+3600, '', "domain.co.uk", true, true);This succesfully sets the Secure Flag, but I am not sure about the HTTPonly bit.
My questions are:
Is the HTTPonly element valid when using https ??
Am I setting it correctly ??
Is this method of Logged in tracking Secure enough for the CMS on a Non Trading site ??