Cookies: Cookies security

`Secure`

Adding the Secure parameter makes sure the cookie can only be transmitted securely over HTTPS, and it will not be sent over unencrypted HTTP connections:

document.cookie = 'name=Flavio; Secure;'

Note that this does not make cookies secure in any way - always avoid adding sensitive information to cookies

`HttpOnly`

One useful parameter is HttpOnly, which makes cookies inaccessible via the document.cookie API, so they are only editable by the server:

document.cookie = 'name=Flavio; Secure; HttpOnly'

`SameSite`

SameSite lets servers require that a cookie is not sent on cross-site requests, but only on resources that have the cookie domain as the origin, which should be a great help towards reducing the risk of CSRF (Cross Site Request Forgery) attacks.

Lessons in this unit:

0:	Introduction
1:	Setting cookies
2:	Setting a cookie expiration date
3:	Setting a cookie path
4:	Setting a cookie domain
5:	▶︎ Cookies security
6:	Updating a cookie
7:	Deleting a cookie
8:	Accessing the value of a cookie
9:	Checking if a cookie exists
10:	Inspecting cookies

Coming soon: Git Masterclass, JavaScript Masterclass and BOOTCAMP