tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jim Manico <...@manico.net>
Subject Re: HttpOnly and Kauai
Date Wed, 02 Apr 2008 05:47:02 GMT
Understood. All I am really asking/begging/patching for is a HttpOnly 
option for the JSESSIONID cookie.

- Jim
> Guenter Knauf wrote:
>> Hi,
>>  
>>> we can't do this one
>>> https://issues.apache.org/bugzilla/attachment.cgi?id=21741
>>>     
>>
>>  
>>> that's a servlet spec class
>>>     
>>
>> well, that wasnt clever now!
>> You should first have commited, then made a trip to Kauai with your 
>> laptop, and then from there at the Tomcat coding party via wireless 
>> *just found* that this is invalid, told him personally, and then 
>> revoke the commit again.....!
>>   
> LOL! I'll keep that in mind for the next time :)
>> cheers, Guen.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>
>>
>>
>>   
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>


-- 
Jim Manico
Senior Application Security Engineer
Aspect Security


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message