[owasp-intrinsic-security] HTTPOnly cookie flag
bil at corry.biz
Fri Dec 12 12:14:42 EST 2008
Bil Corry wrote on 11/12/2008 1:04 AM:
> Jim Manico wrote on 11/11/2008 4:52 PM:
>> Ideally, I think we want a separate HttpOnly RFC - since so many others
>> specs may need to address it. Can we just start it, or do we need
>> Microsoft to take charge here?
> Then let's start it.
Just an update, we have a draft of the HTTPOnly scope now available to review:
If you have an active interest in participating, our list is here:
More information about the owasp-intrinsic-security