I also think we should be careful to add non standard attributes.
Perhaps there are a lot of others, but I don't know.
Is it right, that you can handle this HTTPOnly also with
CacheControl.cacheExtensins?
best regards
Stephan
Marc Hadley schrieb:
> Are there other extended attributes or is this a special case ?
>
> Marc.
>
> On Jul 23, 2008, at 1:13 PM, Rajiv Mordani wrote:
>
>> We have added support for HTTP-only cookies in servlet 3.0. It is the
>> EDR out there but there is no implementation available as yet.
>>
>> - Rajiv
>>
>> Bertold Kolics wrote:
>>> Hi,
>>>
>>> Would it be possible to add support for HTTP-only cookies in the
>>> Cookie/NewCookie classes (see
>>> http://www.owasp.org/index.php/HTTPOnly)? I understand that this
>>> extension is non-standard and does not give full protection against
>>> XSS - but it should be trivial to implement.
>>>
>>> Bertold
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
>>> For additional commands, e-mail: users-help_at_jsr311.dev.java.net
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
>> For additional commands, e-mail: users-help_at_jsr311.dev.java.net
>>
>
> ---
> Marc Hadley <marc.hadley at sun.com>
> CTO Office, Sun Microsystems.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
> For additional commands, e-mail: users-help_at_jsr311.dev.java.net
>