- HTTP Cookie, with "Secure" will be returned only on HTTPS connections (pointless to do this)
- HTTPS Cookie, with "Secure" will be returned only on HTTPS connections
- HTTP Cookie, without "Secure" will be returned on HTTP or HTTPS connections
- HTTPS Cookie, without "Secure" will be returned on HTTP or HTTPS connections (could leak secure information)
Reference:
http://stackoverflow.com/questions/2163828/reading-cookies-via-https-that-were-set-using-http
RFC2965 3.3
沒有留言:
張貼留言