id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
11037	Support HTTPOnly cookie for HttpResponse.set_cookie	Henrik Vendelbo	nobody	"Most browsers has some support for HTTPOnly cookies. It provides some protection against XSS attacks.
[http://www.owasp.org/index.php/HTTPOnly]

I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag. 

"		closed	HTTP handling	dev		duplicate			Design decision needed	0	0	0	0	0	0