tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Support for httpOnly cookies in Tomcat 6.0.x
Date Fri, 13 Feb 2009 16:38:10 GMT

The implementation of httpOnly support in Tomcat 7 fits well with the previous
httpOnly patch [1] that is currently the proposed backport for 6.0.x

When originally proposed there was some concern that the v3 servlet spec may
require some changes. This hasn't been the case. With that in mind could folks
please review their comments and votes for this patch. I'd like to get it into
6.0.19 if posible.

If you still think there is room for improvement, I'm happy to take another look
at this. Some pointers as to how you think things could/should be improved would
be appreciated.

If you do vote for this patch, please remember to indicate your preference for
using or not using httpOnly for session cookies by default.




To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message