HTTP cookie: Difference between revisions

Content deleted Content added
m EU cookie directive: cleanup extra text in page/pages/at parameters; convert some cite journal to cite magazine or news; using AWB
No edit summary
Tag: section blanking
Line 38:
===Secure cookie===
A secure cookie can only be transmitted over an encrypted connection (i.e. [[HTTP Secure|HTTPS]]). This makes the cookie less likely to be exposed to cookie theft via eavesdropping. To accomplish this goal, browsers which support the secure flag will only send cookies with the secure flag when the request is going to a HTTPS page. Said in another way, the browser will not send a cookie with the secure flag set over an unencrypted HTTP request.
 
===HttpOnly cookie===
HttpOnly cookies can only be used when transmitted via [[HTTP]] (or [[HTTP Secure|HTTPS]]). They are not accessible through non-HTTP APIs such as [[JavaScript]]. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS), while leaving the threats of [[cross-site tracing]] (XCT) and [[cross-site request forgery]] (CSRF) intact.
 
===Third-party cookie===
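Review bot: In the HttpOnly paragraph, "eliminates the threat of cookie theft via cross-site scripting" overstates what the flag does and sits awkwardly with the rest of the same sentence, which says cross-site tracing stays intact. HttpOnly only stops script from reading the cookie value, and an injected script can still send requests that carry it, so "mitigates" is the accurate verb. In the Secure paragraph, the last two sentences state the same rule twice ("will only send cookies with the secure flag when the request is going to a HTTPS page" and "will not send a cookie with the secure flag set over an unencrypted HTTP request"); keep one of them and write "an HTTPS". The revision is also tagged "section blanking" with "No edit summary", so the removal should be explained in an edit summary before it is accepted.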