You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@myfaces.apache.org by "Ph. Dinh" <pm...@yahoo.com> on 2013/03/26 18:04:58 UTC
MYFACES-3177
Hi,
Regarding MYFACES-3177 - Add secure flag for cookies if the page is accessed over a secured connection
https://issues.apache.org/jira/browse/MYFACES-3177
What is the rational reason behind this fix? Is there any major issue for not having the Secure flag in the flash cookies when sending in HTTPS? Or is it because most cookies, which are sent in HTTPS, are recommended to have the Secure flag by RFC
As I understand, secured/encrypted connection does encrypt its data (including headers). So even without the secure flag, the cookie will still be encrypted.
Regards,