In the cookie component there is: $secure = false
If set to true, it will only allow you to write a cookie if the connection is through HTTPS. But this flag has no impact on reading cookies. The component provides no method for ensuring that a cookie is only read under an SSL connection. Am I misunderstanding something? If we secure the writing of the cookie, don't we also need to secure the reading of that same cookie to prevent hijacking? Can someone explain why this SSL check for reading cookies isn't in the Component code?

-Aran
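
An added example, not part of the original message and not CakePHP's CookieComponent code: under RFC 6265 the Secure attribute is applied by the user agent at send time, so the sketch below models which cookies a browser attaches to an http versus an https request, next to a server-side read guard of the kind the question asks about. All function names, the host example.test and the cookie values are constructed for illustration.

```php
<?php
// Added example in plain PHP; every function name here is hypothetical.

// Build the Set-Cookie value a server would emit for this cookie.
function buildSetCookie(string $name, string $value, bool $secure): string
{
    $header = rawurlencode($name) . '=' . rawurlencode($value) . '; Path=/; HttpOnly';
    return $secure ? $header . '; Secure' : $header;
}

// What a user agent keeps after parsing a Set-Cookie value.
function storeCookie(string $setCookie): array
{
    $parts = array_map('trim', explode(';', $setCookie));
    [$name, $value] = explode('=', array_shift($parts), 2);
    $attrs = array_map('strtolower', $parts);
    return ['name' => $name, 'value' => $value, 'secure' => in_array('secure', $attrs, true)];
}

// Send-time rule from RFC 6265: a cookie stored with Secure is attached
// only to requests made over a secure channel.
function cookieHeaderFor(array $jar, string $url): string
{
    $https = strtolower((string) parse_url($url, PHP_URL_SCHEME)) === 'https';
    $pairs = [];
    foreach ($jar as $cookie) {
        if ($cookie['secure'] && !$https) {
            continue; // withheld from plain-http requests
        }
        $pairs[] = $cookie['name'] . '=' . $cookie['value'];
    }
    return implode('; ', $pairs);
}

// Server-side read guard (defence in depth): ignore a sensitive cookie
// that arrives on a request that did not come in over HTTPS.
function readSecureCookie(array $cookies, array $server, string $name): ?string
{
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    return ($https && isset($cookies[$name])) ? $cookies[$name] : null;
}

// Constructed sample: one Secure cookie, one ordinary cookie.
$jar = [
    storeCookie(buildSetCookie('session', 'abc123', true)),
    storeCookie(buildSetCookie('theme', 'dark', false)),
];
var_dump(cookieHeaderFor($jar, 'http://example.test/'));   // plain-http request
var_dump(cookieHeaderFor($jar, 'https://example.test/'));  // https request
var_dump(readSecureCookie(['session' => 'abc123'], ['HTTPS' => 'off'], 'session'));
```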