id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
3304	"[patch] Support ""httponly""-attribute in session cookie."	arvin	nobody	"The cookie used for the session id should get the ""httponly""-attribute to mitigate XSS.
See [http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp].
"	enhancement	closed	Core (Other)	dev	normal	fixed	session security	sam@… jedie Jari Pennanen andy@… johann@… james@…	Accepted	1	0	1	0	0	0