You're right.  This seems like a bug.

Please file an issue in the issue tracker.

On Wed, Sep 22, 2010 at 9:08 AM, James <[email protected]> wrote:
> Or a better question, since I don't actually want to use sessions:
>
> Why is the JSESSIONID cookie set even though sessions aren't enabled
> in appengine-web.xml, per 
> http://code.google.com/appengine/docs/java/config/appconfig.html#Enabling%5FSessions
>
> You can get rid of it by adding <%@ page session="false" %> to each
> JSP, so this is an academic question I guess.
>
>
>
> On Sep 22, 9:33 am, James <[email protected]> wrote:
>> Is there a config setting to have this cookie marked as secure (so
>> it'll only be sent over SSL)?
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Google App Engine for Java" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/google-appengine-java?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Google App Engine for Java" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/google-appengine-java?hl=en.

Reply via email to