> secure and HttpOnly are flags, there is no "=" afterwards, so the > string length should be correct. One thing which is not completely > correct though is that "secureXYZ" would be interpreted as "secure". If > you want to fix that too, it should probably go into a separate patch. > Ah, right. I'll just fix the version one for now