Vulnerability category: Web Application
Severity:
Vulnerability information
Session cookie set over Non-HTTPS connection
Impact
A session cookie set over a non-HTTPS connection is exposed to man-in-the-middle attacks: an attacker can sniff the cookie value in transit, then use it later to impersonate the authenticated user and gain unauthorized access.
Solution
The general recommendation is to set the session cookie over HTTPS (a secure connection).
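One way to check responses for this finding, as an added example that is not part of the original entry: it flags session cookies set over a non-HTTPS URL and, going one step beyond the recommendation above, session cookies set over HTTPS without the `Secure` attribute, since the browser would still send those over plain HTTP. The session-name hints, URLs and header values are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: substrings that mark a cookie as a session identifier.
SESSION_HINTS = ("sess", "sid", "auth", "token")


def parse_set_cookie(header):
    """Return (name, attribute-dict) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, value = part.partition("=")
        # Attribute names are case-insensitive (RFC 6265).
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_response(url, set_cookie_headers):
    """List findings for session cookies that can travel in cleartext."""
    scheme = urlsplit(url).scheme.lower()
    findings = []
    for header in set_cookie_headers:
        name, attrs = parse_set_cookie(header)
        if not any(hint in name.lower() for hint in SESSION_HINTS):
            continue  # not a session cookie under the naming assumption
        if scheme != "https":
            findings.append((name, "set over non-HTTPS connection"))
        elif "secure" not in attrs:
            findings.append((name, "missing Secure attribute"))
    return findings


# Constructed sample responses: (request URL, Set-Cookie header values).
SAMPLES = [
    ("http://app.example/login", ["PHPSESSID=abc123; Path=/; HttpOnly"]),
    ("https://app.example/login", ["JSESSIONID=def456; Path=/; HttpOnly"]),
    ("https://app.example/login",
     ["sessionid=ghi789; Path=/; Secure; HttpOnly", "theme=dark; Path=/"]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, audit_response(url, headers))
```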