Y
Hacker News
new
|
ask
|
show
|
jobs
by
collinmanderson
179 days ago
with http-only they can't _steal_ the cookie, but they can still _use_ the cookie. It reduces the impact but doesn't fully solve it.