by brabel
580 days ago
And I feel like it's important to expand on the fact that Cookies are visible to JS by default as well, except if the Cookie has the `HttpOnly` attribute set. Obviously, for auth, you absolutely want the session cookie to have both the `Secure` and `HttpOnly` attributes. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#bl...
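An added example, not part of the comment above: a small audit of `Set-Cookie` header values that reports which cookies page scripts could read through `document.cookie` and which of the `Secure` and `HttpOnly` attributes are missing. The function names and the sample headers are constructed for illustration.

```javascript
// Parse one Set-Cookie header value into its name and attribute flags.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);
  // Attribute names are case-insensitive; attribute values are not needed here.
  const flags = new Set(attrs.map((a) => a.split("=")[0].trim().toLowerCase()));
  return { name, httpOnly: flags.has("httponly"), secure: flags.has("secure") };
}

// Report which cookies page scripts can read and which attributes are missing.
// "visibleToJs" ignores Path/Domain scoping: it only reflects the HttpOnly flag.
function auditSetCookie(headers) {
  return headers.map((h) => {
    const c = parseSetCookie(h);
    const missing = [];
    if (!c.secure) missing.push("Secure");
    if (!c.httpOnly) missing.push("HttpOnly");
    return { name: c.name, visibleToJs: !c.httpOnly, missing };
  });
}

// Constructed sample response headers (not taken from any real site).
const SAMPLE_HEADERS = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "session_legacy=def456; Path=/",
  "theme=dark; Path=/; secure",
  "csrf=xyz; HTTPONLY; Path=/",
];

for (const r of auditSetCookie(SAMPLE_HEADERS)) {
  const status = r.missing.length ? `missing ${r.missing.join(", ")}` : "ok";
  console.log(`${r.name}: readable via document.cookie=${r.visibleToJs}; ${status}`);
}
```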