tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Support for httpOnly cookies in Tomcat 6.0.x
Date Wed, 25 Feb 2009 15:56:00 GMT
Ping. This has been hanging around the status file for a while and I'd
quite like to complete it.

Mark

Mark Thomas wrote:
> Folks,
> 
> The implementation of httpOnly support in Tomcat 7 fits well with the previous
> httpOnly patch [1] that is currently the proposed backport for 6.0.x
> 
> When originally proposed there was some concern that the v3 servlet spec may
> require some changes. This hasn't been the case. With that in mind could folks
> please review their comments and votes for this patch. I'd like to get it into
> 6.0.19 if posible.
> 
> If you still think there is room for improvement, I'm happy to take another look
> at this. Some pointers as to how you think things could/should be improved would
> be appreciated.
> 
> If you do vote for this patch, please remember to indicate your preference for
> using or not using httpOnly for session cookies by default.
> 
> Cheers,
> 
> Mark
> 
> [1] http://svn.apache.org/viewvc?view=rev&revision=694992
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 




---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message