Automated HTTPS Cookie Hijacking | fscked.org

a note from security ppl that session/login cookies that normally delivered via https have to be explisidly marked as "secure" so they _only_ delivered via https. Otherwise bad ppl can hijack them.

Comments are closed.

permalink