On 03/29/2013 03:23 PM, Ron Monzillo wrote:
> On 3/29/13 5:29 AM, Rémy Maucherat wrote:
>> On 03/29/2013 01:55 AM, Ron Monzillo wrote:
>>> Specifies whether any session tracking cookies created
>>> by this web application will be marked as secure. When true,
>>> all session tracking cookies must be marked as secure independent
>>> of the nature of the request that initiated the corresponding session.
>>> When false, the session cookie should only be marked secure if the
>>> request that initiated the session was secure.
>> I am not convinced this is the best behavior, but since it's a very
>> minor concern +1.
>>
>> Rémy
>>
> Remy,
>
> Please propose what you think would be the best behavior.
Well, allowing explicit configuration as non secure for a proxy scenario
looked like a small plus to me. But I didn't feel like it was worth
arguing it, and there are arguments against it too, so you got my +1.
Rémy