Y
Hacker News
new
|
ask
|
show
|
jobs
by
santry
5710 days ago
You'd still be able to get the cookie when the client sends it bnack to the server on subsequent, non-SSL requests.
It's gotta be SSL all the time.