--- C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/javax/servlet/http/Cookie.java (revision 642698)
+++ C:/Documents and Settings/Jim/workspace/tomcat-trunk/java/javax/servlet/http/Cookie.java (working copy)
@@ -87,6 +87,7 @@
 private int maxAge = -1; // ;Max-Age=VALUE ... cookies auto-expire
 private String path; // ;Path=VALUE ... URLs that see the cookie
 private boolean secure; // ;Secure ... e.g. use SSL
+ private boolean httpOnly; // ;HttpOnly ... e.g. block javascript access
 private int version = 0; // ;Version=1 ... means RFC 2109++ style
@@ -336,6 +337,45 @@
 /**
+ * Indicates to the browser whether the cookie can be accessed
+ * via Javascript
+ *
+ * The default value is false.
+ *
+ * @param flag if true, sends the cookie with the HttpOnly flag
+ * preventing some browsers from accessing the cookie data via javascript
+ * if false, javascript has full access to cookie
+ * data in all browsers
+ *
+ * @see #getHttpOnly
+ *
+ */
+
+ public void setHttpOnly(boolean flag) {
+ httpOnly = flag;
+ }
+
+
+
+
+ /**
+ * Returns true if the cookie has the httpOnly flag set,
+ * or false if javascript has full access
+ * to cookie data
+ *
+ * @return true if the cookie has httpOnly set;
+ * otherwise, false
+ *
+ * @see #setHttpOnly
+ *
+ */
+
+ public boolean getHttpOnly() {
+ return httpOnly;
+ }
+
+
+ /**
 * Indicates to the browser whether the cookie should only be sent
 * using a secure protocol, such as HTTPS or SSL.
 *
@@ -374,8 +414,6 @@
-
-
 /**
 * Returns the name of the cookie. The name cannot be changed after
 * creation.
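Review bot: The summary sentence of the setHttpOnly Javadoc in the second hunk ("Indicates to the browser whether the cookie can be accessed via Javascript") reads as though `true` grants script access, which contradicts the @param text below it; I would reword it to `Marks the cookie HttpOnly so that supporting browsers withhold it from client-side script.` The Javadoc should also state the limit of the control: it only reduces cookie disclosure through injected script in browsers that honour the attribute, the cookie is still sent with every matching request, and it does not replace output encoding. Nothing in the visible hunks writes the attribute into the Set-Cookie header, so presumably the header-generation code changes elsewhere; if it does not, the setter has no effect on the wire. Since the field defaults to `false`, cookies stay script-readable unless each caller opts in, which is worth saying explicitly in the getter's Javadoc.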