TL:DR

翻译：博士

document.cookie = "tagname = test;secure";

You have to use HTTPS to set a secure attribute

您必须使用 HTTPS 来设置安全属性

The normal (or formal, maybe) name is attribute. Since the flag refers to other things.

正常（或正式，也许）名称是属性。由于标志是指其他事物。

More Info

更多信息

Cookie attributes:

饼干属性：

Secure - Cookie will be sent in HTTPS transmission only.

HttpOnly- Don't allow scripts to access cookie. You can set both of the Secure and HttpOnly.

Domain- specify the hosts to which the cookie will be sent.

Path - create scopes, cookie will be sent only if the path matches.

Expires - indicates the maximum lifetime of the cookie.

安全 - Cookie 将仅在 HTTPS 传输中发送。

HttpOnly - 不允许脚本访问 cookie。您可以同时设置 Secure 和 HttpOnly。

域 - 指定 cookie 将发送到的主机。

路径 - 创建范围，仅当路径匹配时才会发送 cookie。

Expires - 表示 cookie 的最长生命周期。

More details and practical usages. Check Testing_for_cookies_attributes_(OTG-SESS-002)

更多细节和实际用法。检查Testing_for_cookies_attributes_(OTG-SESS-002)

UPDATESThe following contents expire in June 2, 2016.

更新以下内容于 2016 年 6 月 2 日到期。

Cookie Flags

饼干标志

Cookie flags are prefixes. At the moment, they are described in the RFC draftas a update to the RFC6265

Cookie 标志是前缀。目前，它们在RFC 草案中被描述为对RFC6265的更新

These flags are used with the 'secure' attribute.

这些标志与“安全”属性一起使用。

__Secure-

The dash is a part of the prefix. This flag tells the browser, the cookie should only be included in 'https'.

破折号是前缀的一部分。这个标志告诉浏览器，cookie 应该只包含在“https”中。

__Host-

A cookie with this flag

带有此标志的 cookie

1. must not have 'domain' attribute, it will be only sent to the host which set it.

2. Must have a 'path' attribute, that is set to '/', because it will be sent to the host in every request from the host.

1. 不能有 'domain' 属性，它只会被发送到设置它的主机。

2. 必须有一个 'path' 属性，即设置为 '/'，因为它会在来自主机的每个请求中发送到主机。

because the flag is called secure, not security:

因为调用的是标志secure，而不是安全性：

document.cookie = "tagname = test;secure";