Insufficient Cookie Access Control can be avoided by setting cookie attributes properly. The user-agent can then use these attributes when determining cookie access rights. The “secure” attribute ensures that the cookie is only sent with requests made over an encrypted connection, so that an attacker cannot steal cookies by sniffing. The “domain” attribute specifies the domain for which the cookie is valid; the cookie can be submitted with every request for this domain or its subdomains. The “path” attribute specifies the URL or path for which the cookie is valid.
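
The access decision described above, as an added example (not code from the original page): a simplified form of the domain-match and path-match rules from RFC 6265 that a user-agent applies before attaching a cookie to a request. The cookie dictionaries, the `origin_host` field and the `example.test` hosts are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def domain_match(host, cookie_domain):
    # Host equals the cookie domain, or is a subdomain of it (never for IPs).
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    return not is_ip(host) and host.endswith("." + cookie_domain)

def path_match(request_path, cookie_path):
    # Cookie path must be a prefix that ends on a "/" boundary.
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def cookie_is_sent(cookie, url):
    """True if a user-agent would attach `cookie` to a request for `url`."""
    parts = urlsplit(url)
    host, path = (parts.hostname or "").lower(), parts.path or "/"
    if cookie["secure"] and parts.scheme != "https":
        return False                      # "secure": encrypted connections only
    if cookie["domain"]:
        if not domain_match(host, cookie["domain"]):
            return False                  # "domain": that domain and subdomains
    elif host != cookie["origin_host"]:
        return False                      # no "domain": only the setting host
    return path_match(path, cookie["path"])   # "path": URL prefix

# Constructed sample cookies (hypothetical hosts and field names).
TIGHT = {"origin_host": "app.example.test", "domain": None,
         "path": "/account", "secure": True}
LOOSE = {"origin_host": "app.example.test", "domain": "example.test",
         "path": "/", "secure": False}

if __name__ == "__main__":
    for url in ("https://app.example.test/account/settings",
                "http://app.example.test/account/settings",
                "https://blog.example.test/account",
                "https://app.example.test/accounting"):
        print(url, cookie_is_sent(TIGHT, url), cookie_is_sent(LOOSE, url))
```

The tightly scoped cookie is attached only to the first URL, while the loosely scoped one is attached to all four, including the unencrypted request and the sibling subdomain.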