tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 24739] Control of secure flag when establishing sessions through https using cookies
Date Tue, 22 Feb 2011 16:59:26 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=24739

--- Comment #5 from Andrew Mottaz <andrew@site9.net> 2011-02-22 11:59:24 EST ---
How can you say there are no valid use cases?  Virtually EVERY ecommerce site
on the internet supports this behavior.  Amazon.com, Apple.com, Dell.com. 
Basically - whether a session sticks after secure access is based solely on the
whim of your first access method?  Just give developers control.  It can still
default to secure - make it programatic to explicitly use insecure.  Right now,
hundreds of sites have to do a redirect to an insecure page to establish the
session.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message