X Zheng, J Jiang, J Liang,
H Duan, S Chen… - 24th USENIX Security …, 2015 - usenix.org
A cookie can contain a “secure” flag, indicating that it should be only sent over an HTTPS
connection. Yet there is no corresponding flag to indicate how a cookie was set: attackers …