On 29/03/2013 00:58, Ron Monzillo wrote:
>> A} "Specifies whether any session tracking cookies created
>> by this web application will be marked as secure. When true,
>> all session tracking cookies must be marked as secure independent
>> of the nature of the request that initiated the corresponding session.
>> When false, the session cookie should only be marked secure if the
>> request that initiated the session was secure.
I have no objection to that language. That works with all the scenarios
I can think of. It needs some container specific features to handle some
of the special cases but I think that is fine.
Mark