What are secure cookies?

Updated May 6, 2026

Short answer

Secure cookies are sent only over HTTPS, which helps protect session data.

Deep explanation

Flags like Secure, HttpOnly, and SameSite reduce exposure to theft and CSRF attacks.

Real-world example

A login session cookie that is protected from JavaScript access.

Common mistakes

  • Not setting the HttpOnly flag.

Follow-up questions

  • What does SameSite do?
  • Can cookies be stolen via XSS?
