1. What is a Cookie?
- A cookie is a small piece of data stored by the browser.
- Set by the server → sent to the client → stored → sent back with later requests that match the cookie's scope (Path, Domain, Secure and SameSite all decide whether it is attached).
- Used for:
- Session management (login tokens, shopping carts).
- Personalization (language, theme).
- Tracking (analytics, ads).
📌 Example:
HTTP Response:
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict
Next Request:
Cookie: session=abc123
2. Important Cookie Attributes (Flags)
🔹 HttpOnly
- Prevents JavaScript from accessing the cookie (it no longer appears in document.cookie).
- Protects against XSS stealing session cookies. Caveat: an XSS payload can still make requests from the page, and the browser attaches the HttpOnly cookie to them, so the flag limits theft of the token, not abuse of the session.
✅ Example:
Set-Cookie: session=abc123; HttpOnly
📌 Now a payload such as alert(document.cookie), or a script that exfiltrates document.cookie, no longer sees the session cookie.
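The lifecycle in section 1 and the HttpOnly rule above, shown as an added example that is not part of the original notes: a small JavaScript model of a browser cookie jar that stores a Set-Cookie header, decides which cookies to attach to a later request (honouring Path, Secure and SameSite), and shows what page script would see through document.cookie. The class and function names are my own, Domain/Expires/Max-Age are deliberately left out, and "cross-site" is passed in as a flag rather than derived from the request initiator.

```javascript
// Added example, not from the original notes: a small model of how a browser
// stores a Set-Cookie response header, decides which cookies to attach to a
// later request, and what a page script sees through document.cookie.
// Assumptions: Domain, Expires and Max-Age are ignored, and "crossSite" is a
// caller-supplied flag instead of being derived from the request initiator.

// Parse one Set-Cookie header value into a cookie record.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq <= 0) throw new Error('Set-Cookie must start with name=value');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: '/',
    secure: false,
    httpOnly: false,
    sameSite: 'Lax', // modern browsers treat a missing SameSite as Lax
  };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=');
    switch (key.toLowerCase()) {
      case 'path': cookie.path = val || '/'; break;
      case 'secure': cookie.secure = true; break;
      case 'httponly': cookie.httpOnly = true; break;
      case 'samesite':
        cookie.sameSite = val ? val[0].toUpperCase() + val.slice(1).toLowerCase() : 'Lax';
        break;
      default: break; // Domain, Expires, Max-Age: not modelled here
    }
  }
  return cookie;
}

// RFC 6265 section 5.1.4 path matching: "/app" matches "/app" and "/app/x"
// but not "/apple".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

class CookieJar {
  constructor() { this.cookies = new Map(); }

  // Store (or overwrite) the cookie carried by one Set-Cookie header.
  store(setCookieHeader) {
    const c = parseSetCookie(setCookieHeader);
    this.cookies.set(c.name, c);
  }

  // Build the Cookie request header for a request. Secure cookies need https,
  // Path must match, Strict cookies never go cross-site, and Lax cookies go
  // cross-site only on top-level GET navigations.
  cookieHeader({ url, crossSite = false, method = 'GET', topLevel = true }) {
    const u = new URL(url);
    const sent = [];
    for (const c of this.cookies.values()) {
      if (c.secure && u.protocol !== 'https:') continue;
      if (!pathMatches(u.pathname, c.path)) continue;
      if (crossSite && c.sameSite === 'Strict') continue;
      if (crossSite && c.sameSite === 'Lax' && !(topLevel && method === 'GET')) continue;
      sent.push(`${c.name}=${c.value}`);
    }
    return sent.join('; ');
  }

  // What document.cookie exposes to page script on the given URL: HttpOnly
  // cookies are hidden, and Secure cookies are only visible on https origins.
  documentCookie(url) {
    const u = new URL(url);
    return [...this.cookies.values()]
      .filter((c) => !c.httpOnly && (!c.secure || u.protocol === 'https:'))
      .filter((c) => pathMatches(u.pathname, c.path))
      .map((c) => `${c.name}=${c.value}`)
      .join('; ');
  }
}

// Audit a Set-Cookie header for the hardening flags a session cookie needs.
function auditSessionCookie(setCookieHeader) {
  const c = parseSetCookie(setCookieHeader);
  const findings = [];
  if (!c.httpOnly) findings.push('missing HttpOnly: readable via document.cookie');
  if (!c.secure) findings.push('missing Secure: sent over plain HTTP');
  if (c.sameSite === 'None') findings.push('SameSite=None: attached to cross-site requests');
  return findings;
}

// Round trip from the notes: the response header from section 1, then the next request.
const jar = new CookieJar();
jar.store('session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict');
jar.store('theme=dark; Path=/'); // constructed second cookie without HttpOnly
console.log('Cookie:', jar.cookieHeader({ url: 'https://example.com/account' }));
console.log('document.cookie:', jar.documentCookie('https://example.com/'));
console.log('cross-site POST:', JSON.stringify(jar.cookieHeader({ url: 'https://example.com/', crossSite: true, method: 'POST' })));
```

Running it shows the session cookie riding along on the same-site https request while document.cookie only reveals theme=dark; on plain http, or on a cross-site POST, the Strict, Secure session cookie is withheld entirely. auditSessionCookie is the check to run against a real application's Set-Cookie headers before calling a session cookie hardened.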
🔹 Secure
- Cookie is only sent over HTTPS (never on a plain HTTP request to the same host).
- Protects against an attacker on the network path reading the cookie from plaintext traffic, for example when the user is lured onto an http:// link for the site. It does not protect the cookie once it is on a page an attacker can script.
✅ Example: