If your website does all communication over SSL, but your cookies don't have the secure attribute set on them would they be sent over SSL anyway or would they instead be sent plaintext?
Cookies are transmitted in the headers during web requests, so if you are using SSL your cookies will be encrypted in transit just like the rest of the data.
edit: It's worth mentioning that the SecureFlag forces the cookies to only be sent over SSL. I don't know what kind of behavior you would see on a non-ssl session with that flag set though.
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.