Can a secure cookie be set from an insecure HTTP connection? If so, why is it allowed?
With reference to some security paper I read, I found out that a cookie with the secure flag set can only be sent by the client over connections that are using HTTPS, not HTTP, but the cookie itself can be set from the server with a secure…