Does WordPress Support httponly Cookies?


Does anyone know if WordPress fully supports httponly cookies? The code seems to imply that it does, but I want to make sure I’m not missing something.

As mentioned in a couple of other threads, I’m concerned about potential cookie theft if we allow users to run JavaScript (and we need to allow JavaScript for various business reasons), but of course httponly goes a long way in preventing this.