Before we divulge into the possibilities of secure cookies, it is imperative to discuss the history of cookies. For this familiar programming terminology, cookies are not just biscuits that go well with milk. Cookies are small data packets that are exchanged between a web server and a web browser. Like HTTP, the protocol used to access the server is not able to transfer data, web servers took to transfer cookies to ensure there is a transfer of data.
Secure cookies:
Secure cookies, commonly referred to as httpOnly cookies, are cookies that only work for HTTP and HTTPS, hence the name HTTPonly. This set of cookies does not work for scripting languages. For example, secure cookies do not support JavaScript. Secure cookies offer a layer of protection and safety to your internet website. As they are used for HTTP/HTTPS requests, hacking attempts made through scripts like JavaScript or Typescript will be void. Cross-site scripting XSS hacks would be ineffective when secure cookies are in place.
As a secure cookie is defined primarily for its security component, its usage is limited to very secure connections that are often encrypted connections via HTTPS. The two header components of a secure cookie are the set cookie and the cookie. Whilst the set-cookie header creates a secure cookie upon receiving an HTTPS request, the cookie header is a part of the application that sends the request to the server and validates the presence of a secure cookie of the same path as requested.
The essence of a secure cookie is in the integration of the security attribute in place i.e. the effectiveness of the secure cookie headers as well as the HTTPonly flag that restricts access to any non-HTTP sources. Both together are able to completely restrict access to cookie data that is available on the networks/web browsers. This reduces the chances of a scripting hack attack to strike, specifically the XSS attacks that look to target cookies.
There are two types of cookies,
When you open a website and the webserver asks you to allow the browser to accept cookies for that specific website, the cookies could store the data in the web browser either for a long period or for a short one. The permanent, long-term cookies are referred to as Persistent cookies. Whereas the kind that expires upon closing the web page and requires permission the next time you access the page, are referred to as Non- persistent cookies.
To conclude:
Over the internet, cookies hold key information, right from your login ID credentials to your credit card details. If cookies were to be hacked into, there would a serious violation of privacy. To ensure the safety of the webserver from imminent hackers, secure cookies that secure a connection of encryption are preferred whenever the webserver deals with sensitive information.
