Forum Discussion
Stanislas_Piro2
Jun 16, 2015
Cumulonimbus
The secure flag does not encrypt the cookie but specifies to the browser that the cookie must not be sent to the server over an unsecured connection (if the user is redirected to an HTTP URL on the same domain).
As the cookie is added as an HTTP header of the answer, if the cookie is sent in clear, the whole connection is in clear...
Can you post the virtual server configuration?
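
The behaviour described in the post above, as an added example that is not part of the original thread: Python's standard `http.cookiejar` stands in for a browser cookie store, and the host `app.example.test` and the cookie names and values are constructed for the illustration. The jar keeps the `Secure` cookie's value unchanged and only decides whether to attach it, based on the scheme of the request.

```python
import email.message
import urllib.request
from http.cookiejar import CookieJar

HOST = "app.example.test"  # constructed host name, not from the thread


class FakeResponse:
    """Minimal offline response object carrying constructed Set-Cookie headers."""

    def __init__(self, set_cookie_headers):
        self._msg = email.message.Message()
        for value in set_cookie_headers:
            self._msg["Set-Cookie"] = value  # Message appends repeated headers

    def info(self):
        return self._msg


def build_jar():
    """Store one Secure and one non-Secure cookie received over HTTPS."""
    jar = CookieJar()
    login = urllib.request.Request(f"https://{HOST}/login")
    response = FakeResponse([
        "session=abc123; Path=/; Secure",  # flagged: HTTPS requests only
        "tracking=xyz; Path=/",            # no flag: sent on any scheme
    ])
    jar.extract_cookies(response, login)
    return jar


def stored_values(jar):
    """Values exactly as stored: the Secure flag does not transform them."""
    return {cookie.name: cookie.value for cookie in jar}


def cookies_sent(jar, url):
    """Names of the cookies the jar would attach to a request for url."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)
    header = request.get_header("Cookie", "")
    return sorted(part.split("=", 1)[0] for part in header.split("; ") if part)


if __name__ == "__main__":
    jar = build_jar()
    print("stored:", stored_values(jar))
    for scheme in ("https", "http"):
        print(scheme, "->", cookies_sent(jar, f"{scheme}://{HOST}/account"))
```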