users@jsr311.java.net

Re: HTTPOnly cookies

From: Marc Hadley <Marc.Hadley_at_Sun.COM>
Date: Thu, 24 Jul 2008 12:53:29 -0400

On Jul 24, 2008, at 12:27 PM, Bertold Kolics wrote:
>> There's a not-entirely-pleasant work around:
>>
>> NewCookie nc = new NewCookie(...);
>> Response r = Response.ok().header("Set-Cookie", nc.toString() + ";HttpOnly").build();
>>
>> I'm not really keen to bake in support for non-standard attributes.
> As long as NewCookie is not a final class, I can always subclass it
> in my application.
>
Yes, that works too.

> Speaking of what the standard is - didn't you say a few weeks ago
> that RFC 2965 is not widely implemented? Doesn't the header of 2965
> say that it obsoletes 2109? So, here we are talking about adding a
> non-standard flag to the implementation of an obsolete standard. ;-)
>
Indeed ;-).

Marc

>>
>>>
>>> Marc Hadley schrieb:
>>>> Are there other extended attributes or is this a special case ?
>>>>
>>>> Marc.
>>>>
>>>> On Jul 23, 2008, at 1:13 PM, Rajiv Mordani wrote:
>>>>
>>>>> We have added support for HTTP-only cookies in servlet 3.0. It
>>>>> is the EDR out there but there is no implementation available as
>>>>> yet.
>>>>>
>>>>> - Rajiv
>>>>>
>>>>> Bertold Kolics wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Would it be possible to add support for HTTP-only cookies in
>>>>>> the Cookie/NewCookie classes (see http://www.owasp.org/index.php/HTTPOnly)?
>>>>>> I understand that this extension is non-standard and does not
>>>>>> give full protection against XSS - but it should be trivial to
>>>>>> implement.
>>>>>>
>>>>>> Bertold
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail: users-unsubscribe_at_jsr311.dev.java.net
>>>>>> For additional commands, e-mail: users-help_at_jsr311.dev.java.net

---
Marc Hadley <marc.hadley at sun.com>
CTO Office, Sun Microsystems.
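As an added example that is not code from the thread or from the JSR 311 API itself: the subclassing approach Bertold mentions, written against the JAX-RS 1.0 `NewCookie` constructor, with the class name, the `okWithCookie` helper and the `hasHttpOnly` check being my own additions (the check lets a test confirm the attribute actually reached the emitted header).

```java
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;

// Hypothetical subclass: its string form carries the HttpOnly attribute, so it
// can be handed to header("Set-Cookie", ...) exactly as in the thread's work-around,
// without appending the attribute at every call site.
public class HttpOnlyNewCookie extends NewCookie {

    public HttpOnlyNewCookie(String name, String value, String path,
                             String domain, int maxAge, boolean secure) {
        // JAX-RS 1.0 constructor: (name, value, path, domain, comment, maxAge, secure)
        super(name, value, path, domain, null, maxAge, secure);
    }

    // super.toString() serializes through the provider's header delegate
    // (name=value;Version=1;Path=...;Secure ...); HttpOnly is a bare attribute.
    @Override
    public String toString() {
        return super.toString() + ";HttpOnly";
    }

    // Same shape as the work-around quoted in the thread, using the subclass.
    public static Response okWithCookie(Object entity, HttpOnlyNewCookie cookie) {
        return Response.ok(entity)
                       .header("Set-Cookie", cookie.toString())
                       .build();
    }

    // Assumed helper for a test: does a Set-Cookie header value carry HttpOnly?
    // Attributes are separated by ';' and names are case-insensitive.
    public static boolean hasHttpOnly(String setCookieHeader) {
        if (setCookieHeader == null) {
            return false;
        }
        for (String attr : setCookieHeader.split(";")) {
            if (attr.trim().equalsIgnoreCase("HttpOnly")) {
                return true;
            }
        }
        return false;
    }
}
```

Check the built `Response` with `hasHttpOnly(r.getMetadata().getFirst("Set-Cookie").toString())` in a test, since the attribute only helps if it survives to the wire.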