cookies and http, https
Posted June 21, 2011on:
I should have known this a long time ago — i overheard quite some conversations about them in my ex-ex-employer but never really spent time thinking or trying to understand what other people were saying at the time — this proves the point of never being lazy again. Everything you got lazy about will come back and bite you. This is probably the number one lesson I learned in my entire life 🙂 不能懒啊. 一时的懒惰日后都要付出代价的.
Anyway this time, after hours spent in a marathon push, I figured everything out, hopefully. There is a parameter when you set a cookie: secure or not secure. If you mark it secure, then it won’t come back through a http connection. If you don’t mark it secure, it will come back for both http and https connection. That is it.