id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 11037,Support HTTPOnly cookie for HttpResponse.set_cookie,Henrik Vendelbo,nobody,"Most browsers has some support for HTTPOnly cookies. It provides some protection against XSS attacks. [http://www.owasp.org/index.php/HTTPOnly] I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag. ",,closed,HTTP handling,dev,,duplicate,,,Design decision needed,0,0,0,0,0,0