For more info:
Update: HTTPOnly is now supported in at least some versions of Tomcat! http://manicode.blogspot.com/2009/03/httponly-supported-in-tomcat-6019.html
Wednesday, February 25, 2009
Apache Tomcat HttpOnly Support Saga Continues
I see Mark Thomas from Apache still trying to get resolution on the whether to back-port the Apache Tomcat 7 HTTPOnly session-id attribution (per Java Servlet 3.0) into Tomcat 6 (a Servlet 2.5 container). The patch has been complete for well over 5 months and is still awaiting approval. What's more important here; standards or security?
For more info:
Update: HTTPOnly is now supported in at least some versions of Tomcat! http://manicode.blogspot.com/2009/03/httponly-supported-in-tomcat-6019.html
For more info:
Update: HTTPOnly is now supported in at least some versions of Tomcat! http://manicode.blogspot.com/2009/03/httponly-supported-in-tomcat-6019.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment