Pleasancoder (talk | contribs) m →Secure and HttpOnly: minor clarification |
Pleasancoder (talk | contribs) m →Network eavesdropping: use new RFC reference |
Line 256:
An attacker could use intercepted cookies to impersonate a user and perform a malicious task, such as transferring money out of the victim’s bank account.
This issue can be resolved by securing the communication between the user's computer and the server by employing [[Transport Layer Security]] ([[HTTPS]] protocol) to encrypt the connection. A server can specify the ''Secure'' flag while setting a cookie, which will cause the browser to send the cookie only over an encrypted channel, such as an SSL connection.<ref
=== Publishing false sub-___domain – DNS cache poisoning ===
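Review bot: the last sentence of the Network eavesdropping paragraph says "such as an SSL connection" right after the paragraph names Transport Layer Security and HTTPS as the fix. Use one term throughout, for example "such as an HTTPS connection", so the description of the ''Secure'' flag matches the protocol the paragraph links to. Since the edit summary says the RFC reference was updated here, also confirm that the reference following this sentence is closed properly.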