
Can a cookie be made in HTTPS, and used in HTTP if secure is false?

Can a cookie be made in HTTPS, and used in HTTP if the secure parameter of the cookie is set to false? I have a website where I only require a single page to be in HTTPS, such as the login or maybe a special feature page.

I assume that the cookie will be safe (as it is transferred with SSL) although sent back as non-hashed when on a non-SSL page; is it safe to assume so?


In short: yes.

Setting a cookie on an SSL-secured response, but leaving out the secure flag, will make the cookie behave no differently than if it had been transferred over a non-SSL connection.


A cookie can be used on either HTTP or HTTPS unless it's marked as secure. If marked as secure, the browser will only send it if the current request is on HTTPS.

If your current request is HTTP, then the cookie will be sent "in the clear" and may be intercepted by a man-in-the-middle or by someone sniffing traffic. Google "firesheep" for an example of why this can be bad.

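The behaviour described in the answers above, as an added example that is not part of the original Q&A: Python's standard `http.cookiejar` implements the same rule a browser does, so it can be used to show what happens to two cookies set by one HTTPS response, one with the `Secure` attribute and one without. The host `example.com`, the cookie names and the `Set-Cookie` headers are constructed for the demonstration; the small `_FakeResponse` class only exists to hand headers to the cookie jar without a network.

```python
"""Added example: how a browser-like cookie jar treats the Secure flag.

Two cookies are received over HTTPS. The jar then attaches only the
non-Secure one to a plain http:// request, which is exactly the cookie an
eavesdropper on that request would see.
"""
import http.cookiejar
import urllib.request
from email.message import Message


class _FakeResponse:
    """Minimal stand-in for the response object http.cookiejar expects.

    CookieJar.extract_cookies() only calls response.info() and then
    get_all("Set-Cookie", ...) on the result; email.message.Message provides that.
    """

    def __init__(self, set_cookie_headers):
        self._headers = Message()
        for value in set_cookie_headers:
            self._headers["Set-Cookie"] = value  # appends, does not overwrite

    def info(self):
        return self._headers


def receive_cookies_over_https(jar, set_cookie_headers,
                               url="https://example.com/login"):
    """Simulate an HTTPS response (constructed) that sets cookies in the jar."""
    request = urllib.request.Request(url)
    jar.extract_cookies(_FakeResponse(set_cookie_headers), request)


def cookies_sent_to(jar, url):
    """Return the set of cookie names the jar would attach to a request for url."""
    request = urllib.request.Request(url)
    jar.add_cookie_header(request)          # applies the Secure / domain / path rules
    header = request.get_header("Cookie")
    if not header:
        return set()
    return {part.split("=", 1)[0].strip() for part in header.split(";")}


def demo():
    """Set one Secure and one non-Secure cookie over HTTPS, then check both schemes."""
    jar = http.cookiejar.CookieJar()
    receive_cookies_over_https(jar, [
        "session=abc123; Path=/; HttpOnly",                 # no Secure flag
        "session_secure=def456; Path=/; Secure; HttpOnly",  # Secure flag set
    ])
    return {
        "https": cookies_sent_to(jar, "https://example.com/home"),
        "http": cookies_sent_to(jar, "http://example.com/home"),
    }


if __name__ == "__main__":
    for scheme, names in demo().items():
        print(f"{scheme}: {sorted(names)}")
```

The `http` entry contains only `session`: having been set over HTTPS does not protect a cookie, only the `Secure` attribute keeps it off plain-HTTP requests, which is why a login page served over HTTPS that sets a non-Secure session cookie still leaks that cookie on the site's HTTP pages.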
