Revision as of 03:50, 1 February 2011 view source Pleasancoder (talk \| contribs) 76 edits →HttpOnly Cookie ← Previous edit		Revision as of 03:52, 1 February 2011 view source Pleasancoder (talk \| contribs) 76 edits →Secure and HttpOnly Next edit →
Line 196: ==== Secure and HttpOnly ==== Secure and HttpOnly attributes do not have value field. The existence of the ~~flag~~attribute tells the browser whether the cookie is secure or httponly. A Secure attribute tells the browser to only use this cookie via [[Https\|secure/encrypted]] connections, obviously, web servers should also set this cookie via [[Https\|secure channels]], and therefore anyone eavesdropping your communication would not pick up the cookie.

HTTP cookie: Difference between revisions