Secure those cookies

One thing I learned about 1.5yrs ago was cookies have a "secure" flag you can put on them. I read a blog just the other day about a way to steal those unsecure cookies even if you are over https. The blog references this paper. Enjoy!