rspec/rules/S2092/description.adoc


			
				
					
						
						
						
							
							
							When a cookie is protected with the ``++secure++`` attribute set to _true_ it will not be send by the browser over an unencrypted HTTP request and thus cannot be observed by an unauthorized person during a man-in-the-middle attack. 

						
						
					
				
				
					
						Reference in New Issue
					
					View Git Blame
					Copy Permalink