Or a better question, since I don't actually want to use sessions: Why is the JSESSIONID cookie set even though sessions aren't enabled in appengine-web.xml, per http://code.google.com/appengine/docs/java/config/appconfig.html#Enabling%5FSessions
You can get rid of it by adding <%@ page session="false" %> to each JSP, so this is an academic question I guess. On Sep 22, 9:33 am, James <[email protected]> wrote: > Is there a config setting to have this cookie marked as secure (so > it'll only be sent over SSL)? -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
