Follow-up Comment #8, bug #6694 (project savane):
we = gna.
must = me alive, I want gna to run properly :)
> I mean that I do not want a cookie set via https to be sent
> via plain http. So I suggest using the secure=1 setcookie()
> option in this regard.
That's sensible.
> to https:. With what I suggest, in this case, you are
> considered not logged-in, and you have to manually add a
> 's' to 'http:' in the URL bar.
So in some fashion, it is more secure, correct. On the other hand, it may
puzzle many users. Best would be to keep the session in secure mode but to
have a cookie lisible in non secure that would incitate the user to add the
"s" to http, or even provide him a link, if it is reasonable to think that he
got a session already opened in https.
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?func=detailitem&item_id=6694>
_______________________________________________
Message posté via/par Gna!
http://gna.org/
_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
