In the schema, web-common_3_1.xsd (and web-common_3_0.xsd), we have the
following
<xsd:element name="secure"
type="javaee:true-falseType"
minOccurs="0">
<xsd:annotation>
<xsd:documentation>
Specifies whether any session tracking cookies created
by this web application will be marked as secure
even if the request that initiated the corresponding session
is using plain HTTP instead of HTTPS
</xsd:documentation>
</xsd:annotation>
</xsd:element>
When it is HTTPS and secure = false, we have a cookie with Secure
attribute in our implementation.
Do we need any clarification in the above description?
Shing Wai Chan