undefined | Better HN

0 pointswalkon15y ago0 comments

Require SSL on any request who's response sends a set-cookie http header. Leave it out for the non-sensitive request/responses.

0 comments

santry15y ago

You'd still be able to get the cookie when the client sends it bnack to the server on subsequent, non-SSL requests.

It's gotta be SSL all the time.

j / k navigate · click thread line to collapse

0 pointswalkon15y ago0 comments

Require SSL on any request who's response sends a set-cookie http header. Leave it out for the non-sensitive request/responses.

santry15y ago

You'd still be able to get the cookie when the client sends it bnack to the server on subsequent, non-SSL requests.

It's gotta be SSL all the time.

j / k navigate · click thread line to collapse