Never Saw You On GG.
I Finally Remember Why Your Username Was So Familiar! ZZ!
Why do you have an IP logger in your signature?
To the contrary, the flash games do not have access to the cookies. An HTTPOnly cookie means it can only be read by the browser during HTTP requests only, not anything within the browser (including JavaScript and flash). The flash game sends the request to the server, during which the browser sends the session cookie (as it's an HTTP request), and the server sends the response after validating the session. There is nothing a phisher can do in-browser to figure out the session cookie value. The phisher can send as many page requests as he wants, which will also send the session, but the neither JavaScript nor the flash games themselves are able to read the cookies - merely interpret the response. Since the response won't include the cookie value, there is no method of reading it. I could write an analogy for you, but I assume you understand that.
I hadn't read the topic, hence any repeats. But I never made any false statements - document.cookie contains no login information, session information, or anything of the sort that can be used to scam or phish an account. What was it I said that was incorrect?
Good for you. Just informing you that your random acts of trying to look smart aren't doing you justice and that you should rather leave them to situations that warrant them, instead of trying to 'correct' someone who was already right in a topic about which they know more than you.
Cute, homes. But I think you should probably be aware that I've been programming websites (including website security) for going on 8 years now. I know well how clients and servers communicate, so you're really trying to show off to the wrong person.