Could a cookie that was generated with Javascript (not sent in the header by the server) be stolen / used by an attacker?
1 answer
I think you are worried about the "Man in the Middle" . This can happen if you are not using HTTPS with your browser cookie and / or you have mixed media where one of the insecure HTTP requests is sent with a cookie. Make sure it is encrypted with HTTPS and then it's pretty secure (but not impossible to break w / enough processing power).
+1
source to share