On 3/29/13 5:29 AM, Rémy Maucherat wrote:
> On 03/29/2013 01:55 AM, Ron Monzillo wrote:
>> Specifies whether any session tracking cookies created
>> by this web application will be marked as secure. When true,
>> all session tracking cookies must be marked as secure independent
>> of the nature of the request that initiated the corresponding session.
>> When false, the session cookie should only be marked secure if the
>> request that initiated the session was secure.
> I am not convinced this is the best behavior, but since it's a very
> minor concern +1.
>
> Rémy
>
Remy,
Please propose what you think would be the best behavior.
Ron