Because the browser won't hand the cookie back to Cake over a non-SSL connection anyway if it's been set as a secure cookie(?).
On 10 Jun 2008, at 13:57, aranworld wrote:

> In the cookie component there is:
>
> $secure = false
>
> If set to true, it will only allow you to write a cookie if the
> connection is through an HTTPS connection.
>
> But this flag has no impact on reading cookies. The component
> provides no method for ensuring that a cookie is only read under an
> SSL connection.
>
> Am I misunderstanding something? If we secure the writing of the
> cookie, don't we also need to secure the reading of that same cookie
> to prevent hijacking?
>
> Can someone explain why this SSL check for reading cookies isn't in
> the Component code?
>
> -Aran
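The client-side behaviour the reply refers to can be checked offline. This is an added example, not part of the thread and not CakePHP code: it uses Python's `http.cookiejar` as a stand-in for a browser's cookie store, and the hostname, cookie names and values are constructed placeholders.

```python
import http.cookiejar
import urllib.request
from email.message import Message

# Constructed sample data: hostname and cookie names are placeholders.
HOST = "app.example.test"
SET_COOKIE = [
    "session=abc123; Path=/; Secure",  # written with the secure flag
    "theme=dark; Path=/",              # written without it
]


class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls info()."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message appends, not replaces

    def info(self):
        return self._headers


def cookies_sent(jar, url):
    """Return the names of the cookies the client would attach to a request for url."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)  # applies the jar's return policy, Secure included
    header = req.get_header("Cookie", "")
    return {pair.split("=", 1)[0] for pair in header.split("; ") if pair}


def demo():
    jar = http.cookiejar.CookieJar()
    # Both cookies arrive on an HTTPS response, as when $secure = true is in use.
    login = urllib.request.Request(f"https://{HOST}/login")
    jar.extract_cookies(FakeResponse(SET_COOKIE), login)
    return {
        "https": cookies_sent(jar, f"https://{HOST}/profile"),
        "http": cookies_sent(jar, f"http://{HOST}/profile"),
    }


if __name__ == "__main__":
    for scheme, names in demo().items():
        print(scheme, sorted(names))
```

The cookie carrying the `Secure` attribute is withheld from the plain-HTTP request by the client, so the server never receives it there to read.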
