Message-ID: <47F31DD6.5010405@manico.net>
Date: Tue, 01 Apr 2008 19:47:02 -1000
From: Jim Manico
Reply-To: jim@manico.net
To: Tomcat Developers List
Subject: Re: HttpOnly and Kauai
References: <6291fc850803311319v5843b45csc4fec77714ad97b0@mail.gmail.com> <47F148B5.2020802@manico.net> <47F2EA78.3070102@hanik.com> <47F2FC03.5060301@hanik.com>
In-Reply-To: <47F2FC03.5060301@hanik.com>

Understood. All I am really asking/begging/patching for is an HttpOnly
option for the JSESSIONID cookie.

- Jim

> Guenter Knauf wrote:
>> Hi,
>>
>>> we can't do this one
>>> https://issues.apache.org/bugzilla/attachment.cgi?id=21741
>>>
>>
>>> that's a servlet spec class
>>>
>>
>> well, that wasn't clever now!
>> You should first have committed, then made a trip to Kauai with your
>> laptop, and then from there at the Tomcat coding party via wireless
>> *just found* that this is invalid, told him personally, and then
>> revoke the commit again.....!
>>
> LOL! I'll keep that in mind for the next time :)
>> cheers, Guen.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: dev-help@tomcat.apache.org
>>

-- 
Jim Manico
Senior Application Security Engineer
Aspect Security