On Mon, 19 Jun 2006 10:43:07 -0400, Giampaolo Tomassoni
<[EMAIL PROTECTED]> wrote:
Nah! Search engine don't access https and lazily browsing a site
wouldn't require an https link as well. Nobody would advocate http
support. But, again, when you enter an https there is a reason (a login
or a credit card input form, in example). Once you input this kind of
data, your session then contains private and important data. It must be
protected by then.
You could just as easily clean up after you're all done. Presumably
there's a defined point at which you'd switch from HTTPS to HTTP. If you
know when you want to switch schemes, then you know when you want to purge
sensitive data from the session. Having the session ID at that point
won't really net you anything.
--
Kevin
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
