When a cookie is protected with the ``secure`` attribute set to _true_ it will not be send by the browser over an unencrypted HTTP request and thus cannot be observed by an unauthorized person during a man-in-the-middle attack.
