[
https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14704812#comment-14704812
]
Barry Books commented on TAP5-2327:
-----------------------------------
I needed httpOnly cookies but Tapestry also uses Jetty 7 for testing so I wrote
a method that uses reflection to see of the httpOnly method is available and
calls it if it's there. This allows you to run in a 2.5 container and use
httpOnly if you are in a 3.0 container.
> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
> Key: TAP5-2327
> URL: https://issues.apache.org/jira/browse/TAP5-2327
> Project: Tapestry 5
> Issue Type: New Feature
> Components: tapestry-core
> Affects Versions: 5.3.7
> Reporter: Martin Schneider
> Labels: security
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via
> javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to
> use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default
> implementation does not set the httpOnly flag.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
