We have added support for HTTP-only cookies in servlet 3.0. It is the
EDR out there but there is no implementation available as yet.
- Rajiv
Bertold Kolics wrote:
> Hi,
>
> Would it be possible to add support for HTTP-only cookies in the
> Cookie/NewCookie classes (see
> http://www.owasp.org/index.php/HTTPOnly)? I understand that this
> extension is non-standard and does not give full protection against
> XSS - but it should be trivial to implement.
>
> Bertold
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
> For additional commands, e-mail: users-help_at_jsr311.dev.java.net