I have searched existing issues to ensure the issue has not already been raised
Issue
Hello,
I'm questioning the relevance of checking whether the connection is secure before responding with a secure session cookie, as done here.
To my understanding, it is not the responsibility of the server to choose whether a secure cookie should be sent or not. It is the browser that owns the responsibility of using cookies according to their policies. Hence, the cookie should always be set on the response, even though the subsequent unsecure connections cannot use the cookie. Am I missing something?
References:
Best regards
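
The two behaviours the issue contrasts, as an added example that is not part of the original post or of the project's code: a server that withholds a `Secure` cookie on a plaintext connection, and one that always emits it. All function names and the sample requests are constructed for illustration, and TLS termination at a reverse proxy is not modelled.

```javascript
// Added illustration; not the project's code. All names are hypothetical.

// Serialize a session cookie with the attributes given in opts.
function serializeCookie(name, value, opts) {
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${opts.path || '/'}`];
  if (opts.httpOnly) parts.push('HttpOnly');
  if (opts.secure) parts.push('Secure');
  if (opts.sameSite) parts.push(`SameSite=${opts.sameSite}`);
  return parts.join('; ');
}

// True when the request arrived over TLS (Node sets socket.encrypted on TLS sockets).
function isSecureConnection(req) {
  return Boolean(req.socket && req.socket.encrypted);
}

// Policy A (the check the issue questions): no Set-Cookie for a Secure
// cookie when the connection itself is not secure.
function setCookieGuarded(req, name, value, opts) {
  if (opts.secure && !isSecureConnection(req)) return null;
  return serializeCookie(name, value, opts);
}

// Policy B (what the issue proposes): always emit the header and leave
// enforcement of the Secure attribute to the browser.
function setCookieAlways(req, name, value, opts) {
  return serializeCookie(name, value, opts);
}

// What a passive observer of the response could read: the cookie value,
// if a Set-Cookie header was sent over a plaintext connection.
function plaintextExposure(req, header) {
  if (header === null || isSecureConnection(req)) return null;
  return decodeURIComponent(header.split(';')[0].split('=').slice(1).join('='));
}

// Constructed sample requests and cookie options.
const httpsReq = { socket: { encrypted: true } };
const httpReq = { socket: {} };
const opts = { secure: true, httpOnly: true };

for (const [label, req] of [['https', httpsReq], ['http', httpReq]]) {
  const a = setCookieGuarded(req, 'sid', 'abc123', opts);
  const b = setCookieAlways(req, 'sid', 'abc123', opts);
  console.log(label, 'guarded:', a, '| exposed:', plaintextExposure(req, a));
  console.log(label, 'always: ', b, '| exposed:', plaintextExposure(req, b));
}
```

Under policy B the browser-side `Secure` attribute only restricts where the cookie is sent back; the session identifier has already crossed the network unencrypted in the response header.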