My site is using HTTPS to transport data, and I scanned it with AppScan; it told me that Set-Cookie is not secure, but the cookie is secure. So what is the difference between Set-Cookie and Cookie?
1 Answer
Your server controls the Set-Cookie header, so if a browser does not provide the Cookie header, the server can decide to send a Set-Cookie. Then your browser decides to accept the cookie by sending back a Cookie header for the server to use. For example, if you have cookies disabled on the browser, it will not send back the Cookie header to the server.
The "Set-Cookie" header is sent from the web server, and the browser sends the cookie back to the server in an HTTP header called "Cookie".
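To make the two directions concrete, here is an added example (not from the answer above, and not AppScan's own logic) that parses a server's `Set-Cookie` response header, audits the attributes a scanner typically looks at (`Secure`, `HttpOnly`, `SameSite`), and then builds the `Cookie` request header a browser would send back for a given URL. It shows why the finding lands on `Set-Cookie`: the attributes only ever travel in that header, while `Cookie` carries bare `name=value` pairs, and a `Secure` cookie is simply omitted from `Cookie` on plain HTTP. The header values, the `example.com` host and the simplified path matching are assumptions made for the example.

```python
"""Set-Cookie (server -> browser) versus Cookie (browser -> server).

Constructed example: the headers below are made up; no real site is involved.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlparse


@dataclass
class SetCookie:
    """One cookie as described by a Set-Cookie response header."""
    name: str
    value: str
    # Lower-cased attribute name -> value; flag attributes map to True.
    attrs: dict = field(default_factory=dict)

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs


def parse_set_cookie(header: str) -> SetCookie:
    """Split 'name=value; Attr; Attr=value' into its parts."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: dict = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return SetCookie(name.strip(), value.strip(), attrs)


def audit(cookie: SetCookie) -> list[str]:
    """Return the findings a scanner would raise on this Set-Cookie header."""
    findings = []
    if not cookie.secure:
        findings.append(f"{cookie.name}: missing Secure attribute")
    if not cookie.httponly:
        findings.append(f"{cookie.name}: missing HttpOnly attribute")
    samesite = cookie.attrs.get("samesite")
    if not isinstance(samesite, str) or samesite.lower() not in ("lax", "strict"):
        findings.append(f"{cookie.name}: SameSite not set to Lax or Strict")
    return findings


def build_cookie_header(cookies: list[SetCookie], request_url: str) -> str | None:
    """Build the Cookie request header a browser would send for request_url.

    Simplified model (assumption): a cookie is sent when its Path attribute
    (default '/') is a prefix of the request path, and a Secure cookie is sent
    only over https.  Attributes are never echoed back; only name=value is.
    """
    url = urlparse(request_url)
    sent = []
    for c in cookies:
        if c.secure and url.scheme != "https":
            continue  # Secure cookies stay home on plain HTTP
        path = c.attrs.get("path", "/")
        if not url.path.startswith(path):
            continue
        sent.append(f"{c.name}={c.value}")
    return "; ".join(sent) if sent else None


# Constructed sample response headers: one hardened cookie, one weak cookie.
SET_COOKIE_HEADERS = [
    "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/",
]


def run_demo() -> dict:
    cookies = [parse_set_cookie(h) for h in SET_COOKIE_HEADERS]
    return {
        "findings": [f for c in cookies for f in audit(c)],
        "cookie_over_https": build_cookie_header(cookies, "https://example.com/app"),
        "cookie_over_http": build_cookie_header(cookies, "http://example.com/app"),
    }


if __name__ == "__main__":
    for key, val in run_demo().items():
        print(f"{key}: {val}")
```

Running it reports the `theme` cookie as missing `Secure` and `HttpOnly` (the kind of finding a scanner attaches to the `Set-Cookie` header), and shows the browser sending `session=abc123; theme=dark` over HTTPS but only `theme=dark` over HTTP. Nothing in the `Cookie` header mentions `Secure`, which is why a scanner can only judge the attributes on `Set-Cookie`.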