|
|
|
|
|
|
by littlecranky67
1107 days ago
|
|
|
> Auth with local storage can be quite nice With the `SameSite=strict` option on modern browsers and the `HttpOnly` (plus `Secure` to only run in SSL secured context), Cookies are more secure and the way to go instead of storing credentials anywhere accessible from within JavaScript. Before SameSite=strict, cookies were a security nightmare and often resultet in XSRF attacks, and required XSRF mitigations (like xsrf tokens), but this is no longer the case as all modern browsers support it. |
|
|