2012/5/8 Alexander Kludt <[email protected]> > > Not if you want to transfer a session between https and http connections > e.g. when going back from checkout to the shop listing.
This should only be the case, if the cookie secure attribut is set and the current request is issued via https, this is normaly not the case, because the cookie is set before the user processes the checkout. > Cookies will only be valid for a given domain, and this includes the > protocol. This is wrong. See: http://tools.ietf.org/html/rfc6265#section-8.5 _______________________________________________ dev-general mailing list [email protected] http://dir.gmane.org/gmane.comp.php.oxid.general
