Which statement describes the effect of the Secure flag on cookies?

Prepare for the eLearnSecurity Junior Penetration Tester exam with our comprehensive quiz platform. Improve your skills with multiple-choice questions, detailed explanations, and exam tips. Get exam ready with ease!

Multiple Choice

Which statement describes the effect of the Secure flag on cookies?

Explanation:
The Secure flag makes a cookie travel only over secure connections. In practice, if a cookie has the Secure attribute, the browser will include it in requests only when the connection is HTTPS, and it will not be sent on plain HTTP requests. This helps protect the cookie from being captured in transit, because the encryption provided by TLS protects the data between the client and server.

The Secure flag does not encrypt the cookie’s contents by itself; encryption is provided by the TLS layer for the entire channel. It also doesn’t affect how long a cookie lasts or which parts of the site it’s sent to—those are controlled by expiration (Expires/Max-Age) and path attributes, respectively. So you’ll see the cookie sent with secure, encrypted requests to the site, but never on non-secure HTTP requests.
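The behaviour described above can be observed with Python's standard-library cookie jar, which applies the same Secure and Path rules a browser does. This is an added example, not part of the original quiz; the host `shop.example`, the cookie names and values, and the helper names are constructed for illustration.

```python
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request

# Constructed Set-Cookie headers for a hypothetical site, shop.example.
SET_COOKIE = [
    "session=abc123; Path=/; Secure",    # HTTPS only, whole site
    "cart=7; Path=/shop; Secure",        # HTTPS only, /shop subtree
    "theme=dark; Path=/; Max-Age=3600",  # no Secure: sent on HTTP as well
]

class FakeResponse:
    """Stand-in for an HTTP response; CookieJar only calls .info()."""
    def __init__(self, lines):
        self._headers = Message()
        for line in lines:
            self._headers["Set-Cookie"] = line  # appends, so all three are kept

    def info(self):
        return self._headers

def build_jar():
    """Store the cookies as if they arrived on an HTTPS login response."""
    jar = CookieJar()
    jar.extract_cookies(FakeResponse(SET_COOKIE),
                        Request("https://shop.example/login"))
    return jar

def cookie_header(jar, url):
    """Return the Cookie header the client would attach to a request for url."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie", "")

def names_sent(jar, url):
    """Sorted names of the cookies that would be sent to url."""
    header = cookie_header(jar, url)
    return sorted(p.split("=", 1)[0] for p in header.split("; ") if p)

if __name__ == "__main__":
    jar = build_jar()
    for url in ("https://shop.example/shop/basket",
                "https://shop.example/account",
                "http://shop.example/shop/basket"):
        print(f"{url:36} -> {names_sent(jar, url)}")
    # The value is sent as-is: Secure restricts the channel, it does not encrypt.
    print(cookie_header(jar, "https://shop.example/account"))
```

The plain-HTTP request carries only `theme`, while the HTTPS requests differ from each other only through the Path attribute.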
