https://issues.apache.org/bugzilla/show_bug.cgi?id=24739
--- Comment #4 from Andrew Mottaz <and...@site9.net> 2011-02-22 11:58:55 EST --- How can you say there are no valid use cases? Virtually EVERY ecommerce site on the internet supports this behavior. Amazon.com, Apple.com, Dell.com. Basically - whether a session sticks after secure access is based solely on the whim of your first access method? Just give developers control. It can still default to secure - make it programatic to explicitly use insecure. Right now, hundreds of sites have to do a redirect to an insecure page to establish the session. -- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
