[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: The cookie spec is now RFC 6265
Section 9 contains a wrong claim: "[...] HttpOnly attribute to the cookie. While this has not yet been standardized by the IETF yet, [...]" In fact 6265 is a "Standards Track" RFC, which specifies usage of the HttpOnly attribute, see: http://tools.ietf.org/html/rfc6265#section-5.2.6 -=-=- All references to RFC 2965 should be updated to RFC 6265. -=-=- Please note that the "Session Token Profile" is quite similar in scope to: http://tools.ietf.org/html/draft-secure-cookie-session-protocol -=-=-
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]