Today's project involves the issue of cross-domain delivery of cookies, and hence the understanding of a property--secure of a cookie.
As the name implies, this attribute is used to guarantee the security of cookies.
When the secure property is set to true, cookies can be uploaded to the server only under the HTTPS protocol, but not under the HTTP protocol, so they are not bugged.
In simple practice, the Chrome browser opens https://www.baidu.com and http://www.baidu.com, opening the console separately (the console in the HTTPS page is console1,http as Console2)
1. Enter the following code in CONSOLE1 first
Document.cookie = "Name=ex;expires=60*24*7;secure=true";
Then, open the resources and you'll see that the corresponding fields have been recorded in the cookie
2. Do the same in Console2, then go to see the HTTP protocol under the resources of the Baidu page, you will find that the name field is not uploaded to the server
3. What if I set the secure to false?
Baidu This article as an example, set to false the result is no matter which agreement you under the Baidu page set cookie, then on both sides of the Baidu page of the cookie can see the field.
It also implements the cross-protocol transfer of the cookie, but at the same time there is a certain chance of being tapped.
The secure attribute of the cookie