Cookies aren’t just for sessions — they’re your app’s memory. But they must be secure.
🔐 What you’ll learn:
- Set cookies with HttpOnly, Secure, and SameSite
- Store lookup keys only — real data lives on the backend
- Encrypt & sign with securecookie (AES + MAC)
- CSRF protection done right
- Stateless vs session auth: when to pick JWT, when not
💡 Bonus tips:
- Kill a cookie with MaxAge: -1
- How the Domain & Path attributes influence cookie visibility
- Avoid cookie tossing attacks
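As an added example (not code from the original post), here is how those settings look with Go's standard library alone: an opaque session id as the cookie value, HttpOnly/Secure/SameSite set, and MaxAge -1 to kill the cookie. The cookie name "sid" is a constructed placeholder, and a server-side session store keyed by the id is assumed.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newSessionID returns a random, opaque lookup key. The cookie carries only
// this key; the real session data stays in a server-side store keyed by it.
func newSessionID() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// newSessionCookie builds the hardened cookie ("sid" is a constructed name):
// HttpOnly keeps it away from script, Secure restricts it to HTTPS,
// SameSite=Lax blocks most cross-site sends, and Path=/ with no Domain
// makes it a host-only cookie.
func newSessionCookie(id string, ttl time.Duration) *http.Cookie {
	return &http.Cookie{
		Name:     "sid",
		Value:    id,
		Path:     "/",
		MaxAge:   int(ttl.Seconds()),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	}
}

// expireSessionCookie returns the same cookie with MaxAge -1, which makes
// the browser delete it immediately; the Value is cleared as well.
func expireSessionCookie() *http.Cookie {
	c := newSessionCookie("", 0)
	c.MaxAge = -1
	return c
}

func main() {
	rec := httptest.NewRecorder()
	id, _ := newSessionID()
	http.SetCookie(rec, newSessionCookie(id, time.Hour))
	http.SetCookie(rec, expireSessionCookie())
	fmt.Println(rec.Header().Values("Set-Cookie"))
}
```

Go serialises MaxAge -1 as `Max-Age=0` on the wire, which is the browser-side signal to drop the cookie.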