I have a URI here in which a simple document.cookie query through the console is resulting in three cookies being displayed. I verified this with trivial code such as the following as well:

var cookies = document.cookie.split(';'); 
console.log(cookies.length);

The variable cookies does indeed come out to the number 3. Web Developer on the other hand is indicating that a grand total of 8 cookies are in use.

I'm slightly confused as to which one is inaccurate. I believe the best solution might involve just reiterating the code above without the influence of Firebug. However, I was wondering if someone might suggest a more clever alternative to decipher which tool is giving me the inaccurate information.

Thanks all!

+1  A: 

One reason might be that the other 5 cookies are HttpOnly:

http://msdn.microsoft.com/en-us/library/ms533046.aspx

If the HttpOnly attribute is included in the response header, the cookie is still sent when the user browses to a Web site in the valid domain. The cookie cannot be accessed through script in Internet Explorer 6 SP1, even by the Web site that set the cookie in the first place. This means that even if a cross-site scripting bug exists, and the user is tricked into clicking a link that exploits this bug, Windows Internet Explorer does not send the cookie to a third party. The information is safe.

Firefox also respects this flag (as of v2.0.0.5).

Shog9
+1  A: 

I'm pretty sure the web developer toolbar shows cookies for domain and sub-domains.

So it will show cookies for

abc.xyz.com
xyz.com

whether you are on a page of either domain.

Dave Marshall
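
Both answers above can be checked with one audit. This is an added example, not code from the original posts: it classifies a constructed jar of 8 cookies by whether script on a page would see them in document.cookie, and why not if it would not. The function names, the cookie values and the page URL are assumptions, and the matching is a simplified model of RFC 6265 (default path fixed to "/", no validation of the Domain attribute).

```javascript
// Added example: simplified RFC 6265 matching; all cookie values are constructed.
function parseSetCookie(line, setByHost) {
  const [pair, ...attrs] = line.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  // Assumption: default Path is "/" (real browsers derive it from the request URL).
  const c = { name: pair.slice(0, eq), domain: setByHost, hostOnly: true,
              path: '/', httpOnly: false, secure: false };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    switch (k.toLowerCase()) {
      case 'domain': c.domain = v.replace(/^\./, '').toLowerCase(); c.hostOnly = false; break;
      case 'path': if (v.startsWith('/')) c.path = v; break;
      case 'httponly': c.httpOnly = true; break;
      case 'secure': c.secure = true; break;
    }
  }
  return c;
}
// Returns null when script on pageUrl can read the cookie, else the reason it cannot.
function hiddenReason(c, pageUrl) {
  const { hostname, pathname, protocol } = new URL(pageUrl);
  if (c.httpOnly) return 'HttpOnly';
  const domainOk = hostname === c.domain || (!c.hostOnly && hostname.endsWith('.' + c.domain));
  if (!domainOk) return 'domain mismatch';
  const p = c.path;
  const pathOk = pathname === p ||
    (pathname.startsWith(p) && (p.endsWith('/') || pathname[p.length] === '/'));
  if (!pathOk) return 'path mismatch';
  if (c.secure && protocol !== 'https:') return 'Secure cookie on non-HTTPS page';
  return null;
}
function auditJar(jar, pageUrl) {
  const visible = [], hidden = {};
  for (const [line, host] of jar) {
    const c = parseSetCookie(line, host);
    const why = hiddenReason(c, pageUrl);
    if (why) hidden[c.name] = why; else visible.push(c.name);
  }
  return { visible, hidden };
}

// Constructed jar of 8 cookies: [Set-Cookie value, host that set it].
const SAMPLE_JAR = [
  ['theme=dark', 'abc.xyz.com'], ['lang=en; Domain=xyz.com', 'xyz.com'],
  ['cart=3; Path=/app', 'abc.xyz.com'], ['SID=s1; HttpOnly', 'abc.xyz.com'],
  ['auth=t1; Domain=xyz.com; HttpOnly; Secure', 'xyz.com'], ['admin=1; Path=/admin', 'abc.xyz.com'],
  ['pref=1', 'xyz.com'], ['pay=1; Secure', 'abc.xyz.com'],
];
console.log(auditJar(SAMPLE_JAR, 'http://abc.xyz.com/app/index.html'));
```

A tool that lists the whole jar for the domain and its subdomains reports all 8 entries, while script on the sample page sees 3, so neither count is wrong.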