Cookie Security
If you are running a TYPO3 installation that makes use of SSL, the following feature will enhance your website’s security. You probably know that the HTTP protocol is stateless and therefore sessions try to solve that problem. TYPO3 uses cookies to exchange session identifiers between server and client.
For example, currently when you are running TYPO3 backend with SSL (HTTPS) enabled and call the backend, the server will issue a cookie with the session ID. This cookie will be transferred over a secured/encrypted channel that prevents an eavesdropper from reading the session ID from the cookie. If you call the backend again using standard (insecure) HTTP, your client will transfer the same cookie with the session ID exposed in plain-text for everyone who is sniffing your traffic.
Now, with feature #7461 (‘transfer cookies via SSL only