On 25/08/2011 20:28, Shing Wai Chan wrote:
> Suppose no cookie is allowed.
> And we would like to encode a http URL.
> Web container may like to know whether the session is secure or not
> before appending jsessionid parameter.
If this is just adding the method to the API then I have no objections.
If there are also spec changes proposed to if/when session IDs are
encoded (as opposed to container specific features) then I'd like to see
full details before commenting.
Mark
>
> Shing Wai Chan
>
>>
>> -------- Original Message --------
>> Subject: [jsr340-experts] Re: HttpSession#isSecure ?
>> Date: Thu, 25 Aug 2011 10:25:40 +0100
>> From: Mark Thomas <markt_at_apache.org> <mailto:markt_at_apache.org>
>> Reply-To: jsr340-experts_at_servlet-spec.java.net
>> <mailto:jsr340-experts_at_servlet-spec.java.net>
>> To: jsr340-experts_at_servlet-spec.java.net
>> <mailto:jsr340-experts_at_servlet-spec.java.net>
>>
>>
>>
>> On 25/08/2011 02:06, Shing Wai Chan wrote:
>> > One can check whether a cookie or request is secure by invoking isSecure().
>> > I propose to add the following to interface javax.servlet.http.HttpSession
>> > public boolean isSecure();
>> >
>> > This will allow us to check whether a session is created through http or
>> > https.
>> > Any comment?
>>
>> What is the use case?
>>
>> Mark
>