Secure Your Cookies

View on Twitter

💡 Working with cookies? Don't forget to secure them:

👉🏼 HttpOnly — no access from JavaScript (document.cookie API)
👉🏼 Secure — send cookie over HTTPS only
👉🏼 SameSite (Strict/Lax) — send only when current URL matches cookie URL