I completed the needed patches for httpOnly support in Tomcat.
Please see:
https://issues.apache.org/bugzilla/show_bug.cgi?id=44382
Only 3 files were touched:
org.apache.catalina.connector.Response
org.apache.catalina.connector.Request
and
org.apache.tomcat.util.http.ServerCookie
You sincere consideration would be greatly appreciated. Please at least
review before you jump down my throat, Remy! :)
Best,
Jim Manico
[EMAIL PROTECTED]
Senior Application Security Engineer
Aspect Security / OWASP.org
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
