cookies-over-http-bad icon indicating copy to clipboard operation
cookies-over-http-bad copied to clipboard

Published 20 hours ago verified publisher icon mikewest

Mention impact on document.cookie

Open ericlaw1979 opened this issue 7 years ago • 0 comments

Current phrasing like

those cookies which would actually be sent over HTTP

etc.

talks all about sending a Cookie header, but we should be clear that this applies to document.cookie as well?

We also may want to clarify that deletion of a cookie lacking a SECURE attribute also impacts that cookie when a HTTPS request is made?

ericlaw1979 avatar Apr 30 '18 19:04 ericlaw1979