Is there anything I should know about cookies as both webdev and end-user?


So, what do I need help with? This: auth0-spa-js with a backend, in aloud-comments. I am not sure if I could use cookies without my own backend, such as Now.sh or Netlify?

I also know that cookies can be edited on the user side as well, which is made easy by js-cookie.

  • Not sure if even HTTPS cookies are secure, but it should be more secure than localStorage.
  • Can it be intercepted and edited, just like HTTP?
  • Cookies have expiry date. I love that.

About localStorage

  • Can I use localStorage to save tokens for SPA? Will it be any better if I use cookies?

As an end-user...

  • Should I block cookie requests on most websites? What will happen if I block cookies on all websites? And vice versa?

As far as I know, the cookie cannot be edited by capturing the HTTP package; the content is in your browser, as it is with localStorage. The thing I can do is steal a cookie: if the server config only trusts the cookie ID to retrieve the session, I can collide the cookie and start navigating as if I were you. In principle, localStorage is as safe as the hypervisor of the browser, pretty good I think. I love serverless so I don't use cookies anymore in my projects; tokens in localStorage and/or sessionStorage are fine.
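
The points raised in this thread (script access via js-cookie, HTTPS, expiry, a stolen session cookie) map onto attributes of the `Set-Cookie` header. The following is an added example, not part of the original post or its replies, that audits a header for them; the function names and the sample headers are hypothetical and constructed for illustration.

```javascript
// Added example: audit a Set-Cookie header for the properties raised in the thread.
// The header values below are constructed samples, not taken from a real site.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  // A pair without "=" is treated as a nameless cookie whose value is the whole pair.
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return cookie;
}

function auditSetCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, page scripts (document.cookie, js-cookie) can read and overwrite it.
  if (!attrs.httponly) findings.push("readable-by-script");
  // Without Secure, the browser also sends it over plain HTTP, where it can be captured.
  if (!attrs.secure) findings.push("sent-over-http");
  // Without SameSite, behaviour on cross-site requests depends on the browser default.
  const sameSite = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : null;
  if (!sameSite) findings.push("samesite-unset");
  // SameSite=None is only accepted by modern browsers together with Secure.
  if (sameSite === "none" && !attrs.secure) findings.push("samesite-none-without-secure");
  // No Expires/Max-Age means a session cookie that lasts until the browser session ends.
  if (!("expires" in attrs) && !("max-age" in attrs)) findings.push("no-expiry");
  return { name, findings };
}

// Constructed samples: a bare session cookie, a hardened one, and a preference cookie.
const samples = [
  "sid=abc123; Path=/",
  "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
  "theme=dark; Max-Age=31536000; SameSite=None",
];
for (const h of samples) console.log(auditSetCookie(h));
```

A cookie set with `HttpOnly` can only be issued by a server response, so a static SPA without any backend or serverless function cannot create one from client-side code.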

Pacharapol Withayasakpunt
Currently interested in TypeScript, Vue, Kotlin and Python. Looking forward to learning ML, though.