What is the main purpose of the Secure attribute in HTTP cookies?
Think about how data security is maintained during transmission.
The Secure attribute tells the browser to send the cookie only over HTTPS connections, protecting it from being sent over unencrypted HTTP where it could be intercepted.
Which of the following best describes the effect of the HttpOnly attribute on a cookie?
Consider how to protect cookies from malicious scripts running in the browser.
The HttpOnly attribute prevents client-side scripts from accessing the cookie, reducing the risk of cross-site scripting (XSS) attacks stealing cookie data.
How does setting the SameSite=Strict attribute affect cookie transmission?
Think about how websites prevent cross-site request forgery (CSRF) attacks.
SameSite=Strict restricts the cookie so that it is sent only with requests originating from the same site, preventing it from being sent with cross-site requests and thus reducing CSRF risks.
Which statement correctly compares SameSite=Lax and SameSite=Strict cookie settings?
Consider how each setting balances usability and security.
SameSite=Lax is less strict and allows cookies on top-level navigations like clicking a link from another site, while SameSite=Strict blocks cookies on all cross-site requests.
A banking website wants to protect user session cookies from theft and cross-site attacks. Which combination of cookie attributes provides the strongest protection?
Think about encryption, script access, and cross-site request protections together.
Using Secure ensures cookies are sent only over HTTPS, HttpOnly prevents JavaScript access, and SameSite=Strict blocks cross-site requests, together providing strong protection for sensitive session cookies.