Subscribe

• Subscribe by Email
• Subscribe using any feed reader!
• Subscribe via RSS
• Subscribe to comments via RSS

Recent Posts

• Our Daily Beatles
• Multicolr
• RESTful Web Services Development Checklist
• Cute little vibrobot
• Escape the Circus
• Global Consciousness Project Dot
• Ecstasy and loud music affects rat sex life
• The Perl Foundation has migrated Perl 5 to the Git version control system
• We can use IE again !!
• Kast en sko på Bush
• Scientists extract images directly from brain
• I like to do this
• Amero the currency of The New World Order ??
• Man lives with Female Robot
• Giant crab on a garbage can
• The Elements
• Animusic
• We Need a Global Carbon Tax ?
• “Bailout” a rescue from financial distress
• Earth City Light

Categories

• Blogs
• Gadget
• Import
• Links
• Local News
• MARTINIC
• Music
• News
• nRing DB
• OpenSignOn
• Perl
• Photos
• Pictures
• Podcast
• Uncategorized
• Video
• Web Development

Archives

• January 2009
• December 2008
• November 2008
• October 2008
• September 2008
• August 2008
• July 2008
• June 2008
• May 2008
• April 2008
• March 2008
• February 2008
• January 2008
• December 2007
• November 2007
• October 2007
• September 2007
• July 2007
• June 2007

Links

• Inga Broerse
• kacokijk
• Milo Broerse
• My delicious page

Meta

• Log in

P3P Cookies

September 6th, 2008   Tagged Cookies, P3P
Posted in OpenSignOn, Web Development  

If we use the HTTPOnly flag for XSall perhaps we also have to add P3P headers. Just studying the topic now. Here are some links: P3P, Cookies and IE6.0: A Case Study Don’t get trapped by mixed headers

HTTPOnly ?

September 2nd, 2008   Tagged Cookies, OpenSignOn, OpenSignOn
Posted in OpenSignOn, Web Development  

The XSall implementation of OpenSignOn is not using the HTTPOnly flag now. I don’t see any XSS problems but perhaps it would not hurt to implement it. An extra wall always helps.