Understood. All I am really asking/begging/patching for is a HttpOnly
option for the JSESSIONID cookie.
- Jim
Guenter Knauf wrote:
Hi,
we can't do this one
https://issues.apache.org/bugzilla/attachment.cgi?id=21741
that's a servlet spec class
well, that wasnt clever now!
You should first have commited, then made a trip to Kauai with your
laptop, and then from there at the Tomcat coding party via wireless
*just found* that this is invalid, told him personally, and then
revoke the commit again.....!
LOL! I'll keep that in mind for the next time :)
cheers, Guen.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Jim Manico
Senior Application Security Engineer
Aspect Security
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
