On 30/08/2011 23:46, shing.wai.chan_at_oracle.com wrote:
> I have looked at the use case in more details. When there is load
> balancer, the web container itself may not have enough information to
> validate those port numbers before encoding.
I'm sorry, but I don't understand the point you are making here. Could
you expand please.
Mark
> In this case, I would suggest to just add a method to API so that users
> can check whether the session is secure and do appropriate changes if
> necessary.
>
> Shing Wai Chan