Categories
Firefox Seguridad XSS

Cookies HttpOnly probablemente para Firefox 3

Finalmente, luego de algo más que cuatro años, se implementó el soporte para cookies con atributo HttpOnly.

HttpOnly cookies were designed by the Internet Explorer developers back in 2002 and implemented in IE 6sp1, unfortunately, uptake among other browsers was extremely slow, and it's been under-utilized in web applications. Well, the Firefox developers finally got around to implementing HttpOnly in Firefox, and Safari currently supports it based on my testing with 2.0.4 (anybody know when it first became supported -- it wasn't earlier last year). Unfortunately, Opera 9.10 still looks like it doesn't support HttpOnly cookies, and the fix in FF won't be public in a stable release until Firefox 3.0, so unless you're comfortable downloading and running the 3.0 alphas (called "Minefield, no less), we still have a ways to go before support becomes more ubiquitous.

Aunque al parecer Firefox 3 todavía no tiene una fecha definida para su versión final, como se comenta en la cita, pueden estar probando las versiones alpha.

One reply on “Cookies HttpOnly probablemente para Firefox 3”

Comments are closed.