[owasp-intrinsic-security] HTTPOnly cookie flag

Bil Corry bil at corry.biz
Fri Dec 12 12:14:42 EST 2008


Bil Corry wrote on 11/12/2008 1:04 AM: 
> Jim Manico wrote on 11/11/2008 4:52 PM: 
>> Ideally, I think we want a separate HttpOnly RFC - since so many others
>> specs may need to address it. Can we just start it, or do we need
>> Microsoft to take charge here?
> 
> Then let's start it.

Just an update, we have a draft of the HTTPOnly scope now available to review:

	http://docs.google.com/View?docid=dxxqgkd_0cvcqhsdw

If you have an active interest in participating, our list is here:

	http://groups.google.com/group/ietf-httponly-wg


- Bil



More information about the owasp-intrinsic-security mailing list