Symfony2: setting a cookie
By default Symfony\Component\HttpFoundation\Cookie is created as HttpOnly, which triggers security measures in supporting browsers; this helps mitigate certain XSS attacks possible in javascript.
To expose the cookie in such a browser set $httpOnly
argument to false
:
new Cookie('user', $user, 0, '/', null, false, false); //last argument
It's worth noting that at the time of this edit the framework is configured to not use HttpOnly cookies by default: see the cookbook (cookie_httponly).