HTTP cookie: Difference between revisions

No edit summary
Tag: section blanking
Reverted 1 pending edit by 197.156.86.200 to revision 698339744 by Trappist the monk: Unexplained removal of content
Line 38:
===Secure cookie===
A secure cookie can only be transmitted over an encrypted connection (i.e. [[HTTP Secure|HTTPS]]). This makes the cookie less likely to be exposed to cookie theft via eavesdropping. To accomplish this goal, browsers which support the secure flag will only send cookies with the secure flag when the request is going to a HTTPS page. Said in another way, the browser will not send a cookie with the secure flag set over an unencrypted HTTP request.
 
===HttpOnly cookie===
HttpOnly cookies can only be used when transmitted via [[HTTP]] (or [[HTTP Secure|HTTPS]]). They are not accessible through non-HTTP APIs such as [[JavaScript]]. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS), while leaving the threats of [[cross-site tracing]] (XCT) and [[cross-site request forgery]] (CSRF) intact.
 
===Third-party cookie===
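
Review bot: In the HttpOnly paragraph, "eliminates the threat of cookie theft via cross-site scripting (XSS)" is too absolute, given that the same sentence goes on to list cross-site tracing and CSRF as threats left intact; "mitigates" would match the rest of the sentence, and neither restored paragraph shows a reference for its claims. The opening sentence "can only be used when transmitted via HTTP" is hard to parse and could say directly that the cookie is sent with HTTP(S) requests but is not readable through non-HTTP APIs such as JavaScript. In the Secure cookie paragraph, "a HTTPS page" should read "an HTTPS page", and the closing "Said in another way" sentence only restates the one before it and could be dropped.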