Closes lift#992. Flag for Http Only cookies and the feature will only…

… work in Servlet 3.0 containers

web/webkit/src/main/scala/net/liftweb/http/provider/HTTPCookie.scala

@@ -36,12 +36,20 @@ case class HTTPCookie(name: String,
                       path: Box[String],
                       maxAge: Box[Int],
                       version: Box[Int],
-                      secure_? : Box[Boolean]) extends java.lang.Cloneable {
+                      secure_? : Box[Boolean],
+                       httpOnly: Box[Boolean] = Empty) extends java.lang.Cloneable {
   override def clone(): HTTPCookie = {
     super.clone()
-    new HTTPCookie(name, value, domain, path, maxAge, version, secure_?)
+    copy()
   }
 
+  /**
+   * Returns a new HTTPCookie that preserve existing member values but sets the httpOnly attribute
+   * @param flagHttpOnly - should the cookie be flagged as HTTP Only (only works in Servlet 3.0 containers)
+   * @return HTTPCookie
+   */
+  def setHttpOnly(flagHttpOnly: Boolean): HTTPCookie = copy(httpOnly = Full(flagHttpOnly))
+
   /**
    * Returns a new HTTPCookie that preserve existing member values but sets the cookie value to newValue
    * @param newValue - the new cookie value

web/webkit/src/main/scala/net/liftweb/http/provider/servlet/HTTPResponseServlet.scala

@@ -37,6 +37,16 @@ class HTTPResponseServlet(resp: HttpServletResponse) extends HTTPResponse {
       c.maxAge map (cookie.setMaxAge(_))
       c.version map (cookie.setVersion(_))
       c.secure_? map (cookie.setSecure(_))
+      c.httpOnly.foreach {
+        bv =>
+        try {
+          val cook30 = cookie.asInstanceOf[{def setHttpOnly(b: Boolean): Unit}]
+          cook30.setHttpOnly(bv)
+        } catch {
+          case e => // swallow.. the exception will be thrown for Servlet 2.5 containers but work for servlet
+          // 3.0 containers
+        }
+      }
       resp.addCookie(cookie)
   }