
re: Please Stop Using Local Storage


You're advocating for cookie-based authentication using sessions (an increasingly dated practice), but do not mention anywhere adding real CSRF protection:

From OWASP regarding your SameSite=strict suggestion:
github.com/OWASP/CheatSheetSeries/...
Considering the factors above, it is not recommended to be used as a primary defense. Google agrees with this stance and strongly encourages developers to deploy server-side defenses such as tokens to mitigate CSRF more fully.
