On the same subject from a J2EE perspective
http://gustlik.wordpress.com/2008/06/20/cross-site-scripting-and-httponly-attribute/
On the same subject from a J2EE perspective
http://gustlik.wordpress.com/2008/06/20/cross-site-scripting-and-httponly-attribute/