W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2008

HTTPOnly Cookies Specification

From: Bil Corry <bil@corry.biz>
Date: Thu, 20 Nov 2008 16:41:26 -0600
Message-ID: <4925E796.8050408@corry.biz>
To: HTTP Working Group <ietf-http-wg@w3.org>

Over on OWASP's Intrinsic Security list, I brought up that HTTPOnly cookies should be better implemented across the major browsers.  Jim Manico replied that he's been actively trying to get the browsers to implement (or better implement) HTTPOnly cookies and it became clear in talking with Yngve Pettersen that the lack of a specification for HTTPOnly was hindering browser vendors.

Out of that, we started a group to discuss and create the HTTPOnly cookie specification.  If you're interested in participating, you can join here:


- Bil
Received on Thursday, 20 November 2008 22:42:18 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:47 UTC