Quote Originally Posted by Artificial View Post
I would just like to thank you both for entertaining me muchly.



HTTPOnly should render cookie grabbing impossible (if properly implemented). If you do have a workaround (probably an ajax call to a page (gsi) that shows the SID) isn't cookie grabbing.
I did say that I meant m=109, and I did say I understand how HTTPOnly works.

Edit: Also, you're very welcome. I'll be staying out again for the next half year. As this cycle seems to go.