myfaces-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ph. Dinh" <pmd1nh-...@yahoo.com>
Subject MYFACES-3177
Date Tue, 26 Mar 2013 17:04:58 GMT
Hi,

Regarding MYFACES-3177 - Add secure flag for cookies if the page is accessed over a secured
connection

https://issues.apache.org/jira/browse/MYFACES-3177

What is the rational reason behind this fix?  Is there any major issue for not having the
Secure flag in the flash cookies when sending in HTTPS?  Or is it because most cookies, which
are sent in HTTPS, are recommended to have the Secure flag by RFC

As I understand, secured/encrypted connection does encrypt its data (including headers). 
So even without the secure flag, the cookie will still be encrypted.

Regards,
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message