Comments on: Cross-site scripting and HttpOnly attribute

Comments on: Cross-site scripting and HttpOnly attribute http://gustlik.wordpress.com/2008/06/20/cross-site-scripting-and-httponly-attribute/ These go to eleven! Mon, 26 Oct 2009 12:07:52 +0000 http://wordpress.com/ hourly 1 By: Ivan http://gustlik.wordpress.com/2008/06/20/cross-site-scripting-and-httponly-attribute/#comment-72 Ivan Sat, 03 Oct 2009 18:57:14 +0000 http://gustlik.wordpress.com/?p=3#comment-72 Thanks for publishing this. I have been looking for a cross-app-server approach to get the JSESSIONID as an HttpOnly cookie. Having the second HttpOnly factor protect the first is a great workaround. Cheers, Ivan Thanks for publishing this. I have been looking for a cross-app-server approach to get the JSESSIONID as an HttpOnly cookie. Having the second HttpOnly factor protect the first is a great workaround.

Cheers,

Ivan

]]>