Skip to content
Better HN
Top
Best
Ask
Show
New
Jobs
Search
⌘K
0 points
nly
5y ago
0 comments
Save
Share
That's not true. Cookies can have a 'secure' attribute which tells the browser to send them only over TLS
0 comments
5 comments · 3 top-level
top
newest
oldest
chc
5y ago
· 1 in thread
But that just makes your login not work if the rest of your site is HTTP, doesn't it?
shkkmo
5y ago
You should not show authenticated pages without HTTPS
eli
5y ago
· 1 in thread
in 2011?
shkkmo
5y ago
Yes
oxplot
5y ago
A secure cookie would be of no use for a site whose only secure page is the login page, which is what the parent post I replied to was talking about.
j
/
k
navigate · click thread line to collapse
