https://thoughtbot.com/blog/lucky-cookies
general https://www.youtube.com/watch?v=sovAIX4doOE
https://www.youtube.com/watch?v=aUF2QCEudPo
document.cookie (client side)
Set-Cookie header (server side)
Per domain
Per scope
Session cookie
no Expires or Max-Age; once the browser closes they are “deleted”, though browsers are being smart and keep them
permanent cookie
set max-age
httponly cookie
cannot be accessed with document.cookie
secure cookie
only accepted over HTTPS
Third party cookie
a page references another page, which gets its own cookies.
Third Party Cookies https://www.youtube.com/watch?v=m4vatwFryI8
Zombie Cookies
recreated even after users delete them, ETags from the server
cross site request forgery
inject XSS script
Stealing cookies
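
An added example (not from the original notes or the linked videos): a small JavaScript checker that reads a Set-Cookie header and reports whether the cookie is a session or permanent cookie and whether HttpOnly and Secure are set, as described above. The function name `auditSetCookie` and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: classify a Set-Cookie header using the cookie types in these notes.
// auditSetCookie is a hypothetical helper name; the headers below are constructed.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);

  // Attribute names are case-insensitive; flags such as HttpOnly carry no value.
  const a = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    a.set(key, i === -1 ? "" : attr.slice(i + 1));
  }

  // Session cookie: neither Expires nor Max-Age. Permanent: either one is set.
  const kind = a.has("max-age") || a.has("expires") ? "permanent" : "session";
  const httpOnly = a.has("httponly");
  const secure = a.has("secure");

  // Report the protections that are missing from this cookie.
  const findings = [];
  if (!httpOnly) findings.push("readable via document.cookie (no HttpOnly)");
  if (!secure) findings.push("not restricted to https (no Secure)");
  return { name, kind, httpOnly, secure, findings };
}

// Constructed sample headers.
const samples = [
  "sid=abc123; Path=/; HttpOnly; Secure",
  "theme=dark; Max-Age=31536000; Path=/",
];
for (const h of samples) console.log(auditSetCookie(h));
```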