You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2008/07/12 00:58:58 UTC
DO NOT REPLY [Bug 44382] Need to add support for HTTPOnly session
cookie parameter
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Saptarshi <su...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sunbiz@gmail.com
--- Comment #7 from Saptarshi <su...@gmail.com> 2008-07-11 15:58:57 PST ---
All the major browsers supporting it... It is useful for the security of web
applications and can help prevent XSS (if not XST). This isn't really a big
change to the code and should be done quickly.
And if anyone is thinking its only a Microsoft hack, then today we shouldn't
have AJAX in web programming.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org