OASIS Mailing List Archives

security-services-comment message



Subject: The cookie spec is now RFC 6265


Section 9 contains a wrong claim:

"[...] HttpOnly attribute to the cookie. While this has not yet been standardized  by the IETF yet, [...]"

In fact 6265 is a "Standards Track" RFC, which specifies usage of the HttpOnly attribute, see:
    http://tools.ietf.org/html/rfc6265#section-5.2.6

-=-=-

All references to RFC 2965 should be updated to RFC 6265.

-=-=-

Please note that the "Session Token Profile" is quite similar in scope to:
    http://tools.ietf.org/html/draft-secure-cookie-session-protocol

-=-=-

