DEV Community

Discussion on: JWT Authentication Best Practices

branislavlazic profile image
Branislav Lazic • Edited on

No it won't. That's why we have "Domain" attribute. A cookie will not be sent if our server, and malicious one, don't share the same domain: developer.mozilla.org/en-US/docs/W....