W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2008

Re: HttpOnly

From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 18 Mar 2008 10:33:13 +0100 (CET)
To: ietf-http-wg@w3.org
Message-ID: <Pine.LNX.4.64.0803181030300.7120@yvahk3.pbagnpgbe.fr>

On Tue, 18 Mar 2008, Jim Manico wrote:

> Are there any efforts underway to support the HttpOnly cookie directive 
> within any version of the HTTP Protocol?

1 - Cookies aren't included in RFC2616 at all.

2 - Hardly any implemenations of cookies follow any recent attempts to
     document how cookies should be handled so I doubt writing yet another
     cookie spec update will help much.

Given the history of cookies so far, they are doomed to be adhoc'ed and work 
in a random undocumented fashion... (unless you count the original Netscape 
cookie document a specification).
Received on Tuesday, 18 March 2008 09:33:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:37 GMT