问题
I am developing an Android application where I have to maintain session. There are two websites that I need to log into.
For one website, when I get cookies from Cookie Store I get cookie.isSecure=true.
For other website, I get cookie.isSecure=false.
I would like to know what is the difference between Secure and Insecure cookies?
Would the browser behavior change with this value?
回答1:
A secure cookie instructs the browser that the cookie may only be sent to the server when connecting through SSL.
These are sites where the URL starts with https:// (note the s after http)
An insecure cookie will be sent to both http:// and https:// connections.
This mechanism ensures that session cookies (if set as secure) will always be encrypted in order to prevent eavesdropping.
来源:https://stackoverflow.com/questions/8543866/difference-between-secure-and-insecure-cookies