WebApp Sec mailing list archives

Cookie Secure Attribute - Clarification


From: John Wilander <john.wilander () owasp org>
Date: Sat, 27 Feb 2010 12:44:50 +0100

2010/2/26 arvind doraiswamy <arvind.doraiswamy () gmail com>

> A little bit of clarification needed about the 'Secure' attribute to
> be set in a Cookie.

Hi Arvind!

Just to be sure:

1. Is the problem that your web server sends secure cookies to the
client over http (i.e. in cleartext)?
2. Is the problem that the client's browser sends secure cookies back
to the server over http?
3. Is the problem both of the above?

If the web server is (part of) the problem, could you tell us which
one you're using?

   Regards, John


--
John Wilander
Chapter leader OWASP Sweden
Conference chair OWASP AppSec Research 2010
http://www.owasp.org/index.php/OWASP_AppSec_Research_2010_-_Stockholm,_Sweden


