Evidently IE allows an HTTP response to overwrite a secure cookie by setting a non-secure cookie of the same name.
2
2
1
Replying to @j4cob
@j4cob @manicode Yes, cookie clobbering is well known, more about security issues with cookies: code.google.com/p/browsersec…

Jul 23, 2011 · 12:50 AM UTC