[
https://issues.apache.org/jira/browse/TAP5-2327?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15182976#comment-15182976
]
Jochen Kemnade commented on TAP5-2327:
--------------------------------------
If the default implementation does the same regardless of whether I set
{{httpOnly}} to {{true}} or {{false}}, it will look as if it's broken. Maybe we
should discuss switching to servlet-api 3.0.
> The Cookies interface should provide an option to mark cookies as httpOnly
> --------------------------------------------------------------------------
>
> Key: TAP5-2327
> URL: https://issues.apache.org/jira/browse/TAP5-2327
> Project: Tapestry 5
> Issue Type: New Feature
> Components: tapestry-core
> Affects Versions: 5.3.7, 5.4
> Reporter: Martin Schneider
> Attachments:
> 0001-TAP-2327-add-httpOnly-method-to-support-Servlet-3.0.patch,
> 0002-TAP-2327-add-support-for-version-and-comment.patch
>
>
> Since Servlet 3.0 there is an option to mark cookies as httpOnly via
> javax.servlet.http.Cookie.setHttpOnly(boolean). There should be an option to
> use that in org.apache.tapestry5.services.Cookies. In 5.3.7 the default
> implementation does not set the httpOnly flag.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
