[ https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15157307#comment-15157307 ]

Barry Books commented on TAP5-2327:
-----------------------------------

I don't think I can update the version number but this is still a problem in 
5.4. To fix this the following should be added to the CookieBuilder class:

        protected boolean httpOnly;
        
        public CookieBuilder setHttpOnly(boolean httpOnly) {
                this.httpOnly = httpOnly;
                return this;
        }

The current CookiesImpl service will continue to work as is for servlet 2.5 but 
it will be possible to override it with a version for servlet 3.0.


> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
>                 Key: TAP5-2327
>                 URL: https://issues.apache.org/jira/browse/TAP5-2327
>             Project: Tapestry 5
>          Issue Type: New Feature
>          Components: tapestry-core
>    Affects Versions: 5.3.7
>            Reporter: Martin Schneider
>              Labels: bulk-close-candidate
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via 
> javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to 
> use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default 
> implementation does not set the httpOnly flag.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
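
An added example, not part of the original message and not Tapestry code: one way a cookie writer could honour the proposed httpOnly flag on both servlet 2.5 and 3.0. It goes beyond the comment by including a hand-built Set-Cookie fallback for 2.5. The class HttpOnlyCookieWriter and its methods are hypothetical names; only the javax.servlet calls are real API.

```java
import java.lang.reflect.Method;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical helper (not Tapestry code): honours an httpOnly flag on Servlet 2.5 and 3.0. */
public final class HttpOnlyCookieWriter {

    // Cookie.setHttpOnly(boolean) exists from Servlet 3.0 on; null means a 2.5 API.
    private static final Method SET_HTTP_ONLY = findSetHttpOnly();

    private static Method findSetHttpOnly() {
        try {
            return Cookie.class.getMethod("setHttpOnly", boolean.class);
        } catch (NoSuchMethodException e) {
            return null;
        }
    }

    public static void write(HttpServletResponse response, String name, String value,
                             String path, boolean secure, boolean httpOnly) {
        if (httpOnly && SET_HTTP_ONLY == null) {
            // Servlet 2.5: the Cookie class cannot carry the flag, so emit the header by hand.
            response.addHeader("Set-Cookie", header(name, value, path, secure));
            return;
        }
        Cookie cookie = new Cookie(name, value);
        cookie.setPath(path);
        cookie.setSecure(secure);
        if (httpOnly) {
            try {
                SET_HTTP_ONLY.invoke(cookie, Boolean.TRUE);
            } catch (Exception e) {
                // Fail closed rather than silently sending a script-readable cookie.
                throw new IllegalStateException("could not mark cookie " + name + " httpOnly", e);
            }
        }
        response.addCookie(cookie);
    }

    /** Builds the Set-Cookie value for the 2.5 fallback; always ends with HttpOnly. */
    static String header(String name, String value, String path, boolean secure) {
        // Allowlist every part so no CR/LF, ';' or ',' can split the header or add attributes.
        if (!name.matches("[A-Za-z0-9_.-]+") || !value.matches("[A-Za-z0-9_.~%+/=-]*")
                || !path.matches("/[A-Za-z0-9_.~%/-]*")) {
            throw new IllegalArgumentException("illegal character in cookie name, value or path");
        }
        return name + "=" + value + "; Path=" + path + (secure ? "; Secure" : "") + "; HttpOnly";
    }
}
```

Compiling this needs only the servlet API jar on the classpath; the reflective lookup lets the same class file load against either API version.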
