tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Support for httpOnly cookies in Tomcat 6.0.x
Date Wed, 25 Feb 2009 15:56:00 GMT
Ping. This has been hanging around the status file for a while and I'd
quite like to complete it.


Mark Thomas wrote:
> Folks,
> The implementation of httpOnly support in Tomcat 7 fits well with the previous
> httpOnly patch [1] that is currently the proposed backport for 6.0.x
> When originally proposed there was some concern that the v3 servlet spec may
> require some changes. This hasn't been the case. With that in mind could folks
> please review their comments and votes for this patch. I'd like to get it into
> 6.0.19 if posible.
> If you still think there is room for improvement, I'm happy to take another look
> at this. Some pointers as to how you think things could/should be improved would
> be appreciated.
> If you do vote for this patch, please remember to indicate your preference for
> using or not using httpOnly for session cookies by default.
> Cheers,
> Mark
> [1]
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message