You're right. This seems like a bug. Please file an issue in the issue tracker.
On Wed, Sep 22, 2010 at 9:08 AM, James <[email protected]> wrote: > Or a better question, since I don't actually want to use sessions: > > Why is the JSESSIONID cookie set even though sessions aren't enabled > in appengine-web.xml, per > http://code.google.com/appengine/docs/java/config/appconfig.html#Enabling%5FSessions > > You can get rid of it by adding <%@ page session="false" %> to each > JSP, so this is an academic question I guess. > > > > On Sep 22, 9:33 am, James <[email protected]> wrote: >> Is there a config setting to have this cookie marked as secure (so >> it'll only be sent over SSL)? > > -- > You received this message because you are subscribed to the Google Groups > "Google App Engine for Java" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-appengine-java?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google App Engine for Java" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine-java?hl=en.
