Cookie parameters
In addition to the name and value of the cookie, there are several other parameters set by the web server that define the reach and availability of the cookie, as shown in the following response header:
The following are details of some of the parameters:
- Domain: This specifies the domain to which the cookie would be sent.
- Path: To lock down the cookie further, the Path parameter can be specified. If the domain specified is email.com and the path is set to /mail, the cookie would only be sent to the pages inside email.com/mail.
- HttpOnly: This is a parameter that is set to mitigate the risk posed by Cross-site Scripting (XSS) attacks, as JavaScript won't be able to access the cookie.
- Secure: If this is set, the cookie must only be sent over secure communication channels, namely SSL and TLS.
- Expires: The cookie will be stored until the time specified in this parameter.
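The following Python sketch is an added example, not code from the original text. It parses a Set-Cookie value, applies the Domain, Path, and Secure rules described above to decide whether the cookie would accompany a given request, and reports missing HttpOnly or Secure flags. The sample header and the function names (parse_set_cookie, would_send, missing_flags) are constructed for illustration, and the default path is simplified to / when Path is absent.

```python
from urllib.parse import urlsplit

# Constructed sample header, not taken from the original page.
SAMPLE = ("sid=abc123; Domain=email.com; Path=/mail; Secure; HttpOnly; "
          "Expires=Wed, 09 Jun 2027 10:18:14 GMT")

def parse_set_cookie(header):
    """Return (name, value, attrs); attribute names lowercased, bare flags map to True."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in filter(None, rest):
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs

def would_send(attrs, url, set_by_host):
    """Decide whether the cookie is attached to a request for url."""
    u = urlsplit(url)
    host, path = (u.hostname or "").lower(), u.path or "/"
    domain = attrs.get("domain")
    domain = domain.lstrip(".").lower() if isinstance(domain, str) else ""
    if domain:
        # Domain set: the host itself or any subdomain of it matches.
        if host != domain and not host.endswith("." + domain):
            return False
    elif host != set_by_host.lower():
        # No Domain: only the host that set the cookie receives it.
        return False
    cpath = attrs.get("path")
    if not isinstance(cpath, str) or not cpath.startswith("/"):
        cpath = "/"  # assumption: simplified default when Path is absent
    # Path must match on a segment boundary: /mail covers /mail/inbox, not /mailbox.
    if path != cpath and not (path.startswith(cpath)
                              and (cpath.endswith("/") or path[len(cpath)] == "/")):
        return False
    # Secure: never attach to a plain-HTTP request.
    return not (attrs.get("secure") and u.scheme != "https")

def missing_flags(attrs):
    """List the protective flags (HttpOnly, Secure) the header did not set."""
    return [f for f in ("httponly", "secure") if f not in attrs]

if __name__ == "__main__":
    name, value, attrs = parse_set_cookie(SAMPLE)
    for url in ("https://email.com/mail/inbox", "https://email.com/mailbox",
                "http://email.com/mail"):
        print(url, would_send(attrs, url, "email.com"))
    print(missing_flags(parse_set_cookie("sid=abc123; Path=/mail")[2]))
```
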