Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

What exactly is a secure Cookie?
print 'Set-Cookie: ' . $cookie . '=' . $value . ';';
print ' expires=' . $Cookie_Exp_Date . ';';
print ' path=' . $Cookie_Path . ';';
print ' domain=' . $Cookie_Domain . ';';
print ' secure';

Replies are listed 'Best First'.
RE: Secure Cookie
by stephen (Priest) on Apr 01, 2000 at 04:06 UTC
    Note that Secure Cookies are not secure from the browser. Anyone with access to the user's cookies.txt file (in NS) can read and change the value of the cookie.

    stephen

RE: Secure Cookie
by btrott (Parson) on Apr 01, 2000 at 02:54 UTC
    From the spec:
    If a cookie is marked secure, it will only be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers. If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.
    So a secure cookie will only be sent back to the server (from the browser) over an HTTPS connection.
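
Taken together, the two replies above say that secure restricts the channel the cookie travels over and does nothing for the copy stored in the browser. The Perl below is an added example, not code from any poster in this thread: it emits a secure cookie, models the send rule from the quoted spec, and uses an HMAC (a technique the thread does not mention) so the server can detect a value edited on the client. The key, cookie name, value and example.com URLs are constructed assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: a secret that exists only on the server (constructed value).
my $SERVER_KEY = 'constructed-demo-key';

# Build a Set-Cookie header whose value carries an HMAC, marked secure.
sub set_cookie_header {
    my ($name, $value, $path) = @_;
    my $mac = hmac_sha256_hex("$name=$value", $SERVER_KEY);
    return "Set-Cookie: $name=$value.$mac; path=$path; secure\n";
}

# Model of the rule quoted from the spec: a cookie marked secure is only
# sent back to the server when the request goes over HTTPS.
sub browser_would_send {
    my ($header, $url) = @_;
    my $is_secure = $header =~ /;\s*secure\s*(?:;|$)/i;
    return 1 unless $is_secure;
    return $url =~ m{^https://}i ? 1 : 0;
}

# Server-side check for a cookie edited in the browser's cookie store.
# Returns the value if the HMAC matches, undef otherwise.
sub verify_cookie {
    my ($name, $raw) = @_;
    my ($value, $mac) = $raw =~ /^(.*)\.([0-9a-f]{64})\z/s or return;
    my $expected = hmac_sha256_hex("$name=$value", $SERVER_KEY);
    my $diff = 0;   # compare every character so timing does not leak the match length
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($expected, $_, 1)) for 0 .. 63;
    return $diff == 0 ? $value : undef;
}

# Constructed demo input.
my $header = set_cookie_header('session', 'user42', '/');
print $header;
for my $url ('http://www.example.com/cart', 'https://www.example.com/cart') {
    printf "%-30s send cookie: %s\n", $url, browser_would_send($header, $url) ? 'yes' : 'no';
}
my ($raw) = $header =~ /session=([^;]+)/;
(my $edited = $raw) =~ s/user42/admin/;   # simulates a hand-edited cookies.txt entry
printf "untouched: %s\n", verify_cookie('session', $raw)    // 'rejected';
printf "edited:    %s\n", verify_cookie('session', $edited) // 'rejected';
```

The HMAC only detects changes; the value is still readable by anyone who can open the cookie file, so it should not hold anything confidential.
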
RE: Secure Cookie
by setantae (Scribe) on Apr 02, 2000 at 07:42 UTC