User talk:PhakE**
Recent edit to Secure cookies
Hello, and thank you for your recent contribution. I appreciate the effort you made for our project, but unfortunately I had to undo your edit because I believe the article was better before you made that change. Feel free to contact me directly if you have any questions. Thank you! — Gareth Griffith-Jones | The Welsh | Buzzard | 09:47, 3 March 2017 (UTC)
- Thank you for reviewing my edits, but I'm confused since I edited factually incorrect information. Leaving the information as is is extremely dangerous, since a lot of web developers have high trust in the information provided on Wikipedia. Since this article relates to security measures in cookies, used by essentially all web sites today, it is important that this is correct.
- The Secure attribute on cookies does not protect the cookie from being read by JavaScript and hence offers no protection at all against Cross Site Scripting (XSS). This is done with the HttpOnly cookie as explained by my edit. This information is also clear on the main HTTP cookie article.
- There exists no built-in mechanism for cookies to achieve Authentication, Confidentiality or Integrity. The Secure attribute provides confidentiality in transit, but not at rest. Therefore I removed this section since this was misleading; a developer would need to implement these features themselves and that is a topic much bigger than this article.
- Even though somewhat outdated, I expanded the configuration examples to also include the HttpOnly attributes. The SameSite attribute is fairly new and is yet to be supported by most major frameworks. This section could need some more work, but at least it's a little bit complete after my edit.
- Again, I thank you for your contribution in keeping Wikipedia clean but I would appreciate it if you would undo your revert as soon as possible.
- Done Thank you for your post. Cheers! — Gareth Griffith-Jones | The Welsh | Buzzard | 10:23, 3 March 2017 (UTC)
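
The distinction between the Secure, HttpOnly and SameSite attributes drawn in the thread above, as an added example that is not part of the original discussion: a small Python check that parses Set-Cookie values and reports which of those attributes each cookie lacks. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie values for the attributes discussed above.
# Function names and sample headers are constructed for illustration.

# What each attribute covers, as described in the discussion.
ATTRIBUTE_ROLE = {
    "secure": "sent only over HTTPS: confidentiality in transit, not at rest",
    "httponly": "not readable by JavaScript, so XSS cannot read it via document.cookie",
    "samesite": "limits sending of the cookie on cross-site requests",
}


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attribute: value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive; flags have no value.
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def missing_attributes(header_value):
    """Return the attributes from ATTRIBUTE_ROLE that the cookie lacks."""
    _, _, attrs = parse_set_cookie(header_value)
    return [a for a in ATTRIBUTE_ROLE if a not in attrs]


def readable_by_script(header_value):
    """Secure alone does not hide a cookie from JavaScript; only HttpOnly does."""
    return "httponly" in missing_attributes(header_value)


SAMPLE_HEADERS = [  # constructed examples
    "sid=abc123; Path=/; Secure",
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "theme=dark",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, _, _ = parse_set_cookie(header)
        print(f"{name}: {header}")
        for attr in missing_attributes(header):
            print(f"  missing {attr}: {ATTRIBUTE_ROLE[attr]}")
```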