[owasp-intrinsic-security] HTTPOnly cookie flag

Bil Corry bil at corry.biz
Fri Dec 12 12:14:42 EST 2008

Bil Corry wrote on 11/12/2008 1:04 AM: 
> Jim Manico wrote on 11/11/2008 4:52 PM: 
>> Ideally, I think we want a separate HttpOnly RFC - since so many others
>> specs may need to address it. Can we just start it, or do we need
>> Microsoft to take charge here?
> Then let's start it.

Just an update, we have a draft of the HTTPOnly scope now available to review:


If you have an active interest in participating, our list is here:


- Bil

More information about the owasp-intrinsic-security mailing list