On the WordPress side, several design choices already limit what an attacker can do with a stolen or sniffed cookie.
In an email to eWEEK, open-source WordPress developer Andrew Nacin explained that WordPress segregates its cookies for security.
“The front-end cookie is delivered over HTTP by default and is simply used to identify the user for the purposes of the logged-in toolbar, an edit post link in the theme, etc,” Nacin said. “The admin-only cookie is delivered with the secure flag if the user is forcing the dashboard to be used over SSL.”
The admin-only cookie is required to access the dashboard and change settings, manage posts or edit the user’s profile, Nacin said.
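The split Nacin describes can be modelled directly: a low-privilege front-end cookie scoped to the whole site and sent over plain HTTP, and a separate admin cookie scoped to the dashboard path and marked Secure when the dashboard is forced over SSL. The following Python is an added illustration, not WordPress code and not from the eWEEK article; the cookie names (`wp_logged_in`, `wp_admin`), the `/wp-admin` path and the `force_ssl_admin` switch are assumptions chosen for the example, and it applies the browser's own RFC 6265 rules (a Secure cookie never travels over `http`, a cookie is only attached to requests under its path) to show what a passive sniffer on plain HTTP can capture and whether that capture is enough to reach the dashboard.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    path: str      # attached only to requests whose path matches (RFC 6265 5.1.4)
    secure: bool   # attached only to https requests


def issue_login_cookies(user: str, force_ssl_admin: bool) -> list[Cookie]:
    """Two cookies per login, as in the segregated design described above.

    Names and paths are illustrative (assumption), not WordPress's real ones.
    The front-end cookie is deliberately not Secure so the logged-in toolbar
    works over plain HTTP; the admin cookie is Secure only when the dashboard
    is forced over SSL.
    """
    return [
        Cookie("wp_logged_in", f"{user}|frontend-token", path="/", secure=False),
        Cookie("wp_admin", f"{user}|admin-token", path="/wp-admin", secure=force_ssl_admin),
    ]


def path_match(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 path-match: exact, or prefix ending in '/' or at a '/' boundary."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def cookies_sent(jar: list[Cookie], scheme: str, path: str) -> list[Cookie]:
    """The subset of the jar a compliant browser attaches to one request."""
    return [c for c in jar
            if path_match(path, c.path) and (scheme == "https" or not c.secure)]


def sniffed_on_plain_http(jar: list[Cookie], path: str) -> list[Cookie]:
    """What a passive attacker on the network sees for a plain-HTTP request."""
    return cookies_sent(jar, "http", path)


def dashboard_allows(presented: list[Cookie]) -> bool:
    """The dashboard requires the admin-only cookie; the front-end one is not enough."""
    return any(c.name == "wp_admin" for c in presented)


def replay_attack_succeeds(force_ssl_admin: bool, sniffed_path: str) -> bool:
    """Attacker sniffs a user's plain-HTTP request to `sniffed_path`, then replays
    the captured cookies against the dashboard over https."""
    jar = issue_login_cookies("alice", force_ssl_admin)
    captured = sniffed_on_plain_http(jar, sniffed_path)
    return dashboard_allows(captured)


if __name__ == "__main__":
    jar = issue_login_cookies("alice", force_ssl_admin=True)
    print("front page over http:", [c.name for c in cookies_sent(jar, "http", "/2014/hello/")])
    print("dashboard over http: ", [c.name for c in cookies_sent(jar, "http", "/wp-admin/")])
    print("dashboard over https:", [c.name for c in cookies_sent(jar, "https", "/wp-admin/")])
    print("replay works with SSL admin forced:", replay_attack_succeeds(True, "/wp-admin/"))
    print("replay works without it:           ", replay_attack_succeeds(False, "/wp-admin/"))
```

With the dashboard forced over SSL, even a user who mistakenly types `http://` in front of `/wp-admin/` leaks only the front-end cookie, which the dashboard rejects; with the flag off, the same request carries the admin cookie in the clear and a replay succeeds. In a real installation the "forcing the dashboard to be used over SSL" Nacin refers to is the `FORCE_SSL_ADMIN` constant in `wp-config.php`; the model here is only the cookie-scoping logic, not WordPress's own token format or redirect behaviour.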