draft-ietf-httpbis-rfc6265bis-01, The "__Secure-" Prefix

HTTP State Management Mechanism
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-01  The "__Secure-" Prefix

|   Whereas the following "Set-Cookie" header would be accepted:
|   Set-Cookie: __Secure-SID=12345; Domain=example.com; Secure


|   While the would be accepted if set from a secure origin (e.g.
|   "https://example.com/"), and rejected otherwise:
|   Set-Cookie: __Secure-SID=12345; Domain=example.com; Secure

Same as in The "__Host-" Prefix

There is on

5.3.  Storage Model

|   9.   If the scheme component of the request-uri does not denote a
|        "secure" protocol (as defined by the user agent), and the
|        cookie's secure-only-flag is true, then abort these steps and
|        ignore the cookie entirely.

/ Kari Hurtta

Received on Tuesday, 25 April 2017 17:30:09 UTC
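
The interaction between the "__Secure-" prefix and storage model step 9 quoted above, as an added example that is not part of the original message or the draft. The function names are hypothetical, only `https` is assumed to count as a "secure" protocol, and the parser is a simplified sketch rather than the full Set-Cookie algorithm.

```javascript
// Added example: simplified model of two checks discussed in the message.
// Attribute values are not validated; only presence of "Secure" matters here.

// Split "name=value; Attr; Attr=val" into name, value and a lower-cased attribute map.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const first = parts.shift();
  const eq = first.indexOf("=");
  if (eq < 1) return null; // empty or missing name: unparseable in this sketch
  const attrs = new Map();
  for (const p of parts) {
    if (p === "") continue;
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : p.slice(i + 1).trim());
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Assumption: the user agent treats only "https" as a "secure" protocol.
function isSecureScheme(requestUri) {
  return new URL(requestUri).protocol === "https:";
}

// Returns { accepted, reason } for one Set-Cookie header received on requestUri.
function evaluateCookie(requestUri, header) {
  const c = parseSetCookie(header);
  if (c === null) return { accepted: false, reason: "unparseable" };
  const secureOnly = c.attrs.has("secure");
  // "__Secure-" prefix (matched case-sensitively in this sketch):
  // the cookie must carry the Secure attribute.
  if (c.name.startsWith("__Secure-") && !secureOnly) {
    return { accepted: false, reason: "prefix-without-secure" };
  }
  // Storage model step 9: secure-only-flag is true but the scheme is not secure,
  // so the cookie is ignored entirely.
  if (secureOnly && !isSecureScheme(requestUri)) {
    return { accepted: false, reason: "secure-from-non-secure-scheme" };
  }
  return { accepted: true, reason: "ok" };
}
```

With the header quoted in the message, the result depends on the origin: it is accepted from `https://example.com/` and dropped by step 9 from `http://example.com/`.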