5.1.7 Cookies

For more information on the HTTP cookie state management mechanism, see [RFC2965]. Cookies can be used to store state information about a user in the user's web browser requestor and to optimize the user experience. Because cookies can be used to identify a user's session and to store user information, special care has to be taken with the use of cookies. As specified in [WSFederation1.2] section 16, all cookies are to be set as secure.<93>