Closed chrisboyle closed 14 years ago
This app uses secure sessions, i.e. the session cookie has the secure flag set and will only be sent over SSL, but I'm still seeing pointless Set-Cookie headers for the session when I make a non-SSL request.
Fixed by commit 6f6b2f950fc6f21aaeb073e410d7b96552401f1f.
This app uses secure sessions, i.e. the session cookie has the secure flag set and will only be sent over SSL, but I'm still seeing pointless Set-Cookie headers for the session when I make a non-SSL request.