Use secure and http flag on cookies everywhere

> A cookie with the Secure attribute is only sent to the server with
> an encrypted request over the HTTPS protocol. It's never sent with
> unsecured HTTP (except on localhost), which means man-in-the-middle
> attackers can't access it easily. Insecure sites (with http: in the
> URL) can't set cookies with the Secure attribute. However, don't
> assume that Secure prevents all access to sensitive information in
> cookies. For example, someone with access to the client's hard disk
> (or JavaScript if the HttpOnly attribute isn't set) can read and
> modify the information.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#block_access_to_your_cookies

0 files changed, 0 insertions, 0 deletions