Support for HttpOnly flag in mochiweb_cookies:cookie

tjbush / mochiweb

Automatically exported from code.google.com/p/mochiweb

Other

0 stars 0 forks source link

Support for HttpOnly flag in mochiweb_cookies:cookie #29

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

I would highly recommend adding support for the "HttpOnly" flag in
mochiweb's cookie library.  This flag is non-standard but is supported by
Opera 9.5, Firefox 3 and IE7.

Its main purpose is to help prevent XSS cookie theft.

Further reading: http://www.codinghorror.com/blog/archives/001167.html

Original issue reported on code.google.com by jason.da...@gmail.com on 23 Feb 2009 at 3:54

GoogleCodeExporter commented 8 years ago

A patch would be good motivation to implement this :)

Original comment by bob.ippo...@gmail.com on 24 Feb 2009 at 4:05

GoogleCodeExporter commented 8 years ago

Oops, thought I'd attached it. Here it is...

Original comment by jason.da...@gmail.com on 24 Feb 2009 at 4:22

Attachments:

mochiweb_cookies_http_only.diff

GoogleCodeExporter commented 8 years ago

Any thoughts on my patch?

Original comment by jason.da...@gmail.com on 14 Apr 2009 at 1:51

GoogleCodeExporter commented 8 years ago

r100

Original comment by bob.ippo...@gmail.com on 14 Apr 2009 at 4:25

Changed state: Fixed