Ah, I saw a post from one of the Tomcat leads hinting that we might see HttpOnly support in Tomcat soon....
https://issues.apache.org/bugzilla/show_bug.cgi?id=45632
It's been 5 months since my original Tomcat HttpOnly post and patch at https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
No word on Webkit/Safari. https://bugs.webkit.org/show_bug.cgi?id=10957 Also no word from Opera about complete HttpOnly protection. I'll start making more noise soon.
The HttpOnly crusade, quietly, does continue.
Subscribe to:
Post Comments (Atom)
1 comment:
Keep up the good work.
Manico - man, you can't buy a name that good.
Post a Comment