I understand that we can do "<@ofbizUrl secure="true">logout</@ofbizUrl>". But that really looks like a workaround. Is it wrong to call "logout" in http, rather than in https? For efficiency, we often want only the login page in https, and the inside pages in http.
If you wanna fix this, it's in RequestHandler.java line 129. Jonathon
