Hello,
You folks rock - I have used Tomcat at Sun for many projects - it's been rock solid. I'd like to add something back to the community. I'm hot on adding support for the HTTPONLY cookie flag for security purposes now that IE and Tomcat support it for XSS and other security protections. 1) Can I add this to both 5.5 and 6 as a Session Manager option? 2) Where do you recommend I start? 3) Should I post my code samples to the list before I check in? This is my first time contributing to Tomcat, any guidance to get me started would be greatly appreciated. Best, Jim Manico
