tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jim Manico" <>
Subject Adding HTTPONLY cookie support option to Tomcat 5.5/6
Date Fri, 08 Feb 2008 05:38:23 GMT


You folks rock - I have used Tomcat at Sun for many projects - it's been
rock solid.


I'd like to add something back to the community.


I'm hot on adding support for the HTTPONLY cookie flag for security purposes
now that IE and Tomcat support it for XSS and other security protections.


1)      Can I add this to both 5.5 and 6 as a Session Manager option?

2)      Where do you recommend I start?

3)      Should I post my code samples to the list before I check in?


This is my first time contributing to Tomcat, any guidance to get me started
would be greatly appreciated.



Jim Manico



  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message