Or a better question, since I don't actually want to use sessions:

Why is the JSESSIONID cookie set even though sessions aren't enabled
in appengine-web.xml, per 
http://code.google.com/appengine/docs/java/config/appconfig.html#Enabling%5FSessions

You can get rid of it by adding <%@ page session="false" %> to each
JSP, so this is an academic question I guess.



On Sep 22, 9:33 am, James <[email protected]> wrote:
> Is there a config setting to have this cookie marked as secure (so
> it'll only be sent over SSL)?

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/google-appengine-java?hl=en.

Reply via email to