Cookies set via HTTP may be used to bypass HTTPS and reveal private informationkb.cert.org1 pointprogramd11 years ago