
Is there anything I should know about cookies as both webdev and end-user?


So, what do I need help for? -- this -- auth0-spa-js with backend -- in aloud-comments. I am not sure if I could use cookies without my own backend, such as Now.sh or Netlify?

I also know that cookies can be edited on user-side as well, which is made easy by js-cookie.

  • Not sure if even HTTPS cookies are secure, but they should be more secure than localStorage.
  • Can they be intercepted and edited, just like HTTP?
  • Cookies have an expiry date. I love that.

About localStorage

  • Can I use localStorage to save tokens for SPA? Will it be any better if I use cookies?

As an end-user...

  • Should I block cookie requests on most websites? What will happen if I block cookies on all websites? And vice versa?
 

As far as I know, the cookie cannot be edited by capturing the HTTP package; the content is in your browser, as it is with localStorage. The thing I can do is steal a cookie: if the server config only trusts the cookie ID to retrieve the session, I can collide the cookie and start navigating as if I were you. In principle, localStorage is as safe as the hypervisor of the browser is, which is pretty good, I think. I love serverless, so I don't use cookies anymore in my projects; tokens in localStorage and/or sessionStorage are fine.
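An added example, not part of the original post or comment: a small auditor for `Set-Cookie` header values that reports which of the properties asked about above (HTTPS-only transport, access from page script such as js-cookie, expiry) a cookie actually has. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie values for the attributes that decide
// where a cookie is sent and whether page script can touch it.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Without Secure the browser also attaches the cookie to plain-HTTP requests.
  if (!attrs["secure"]) findings.push("no Secure: also sent over plain HTTP");
  // Without HttpOnly, document.cookie (and wrappers like js-cookie) can read it.
  if (!attrs["httponly"]) findings.push("no HttpOnly: readable from page script");
  // Without SameSite, cross-site sending depends on the browser's default.
  if (!attrs["samesite"]) findings.push("no SameSite: browser default applies");
  // Without Expires or Max-Age the cookie lasts for the browser session only.
  if (!attrs["expires"] && !attrs["max-age"]) findings.push("no Expires/Max-Age: session cookie");
  return { name, findings };
}

// Constructed sample headers, not taken from any real site.
const SAMPLES = [
  "session=abc123; Path=/",
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600",
  "theme=dark; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Secure; SameSite=Lax",
];

for (const header of SAMPLES) {
  const { name, findings } = auditCookie(header);
  console.log(name, findings.length ? findings : "all four attributes set");
}
```

None of these attributes stops the end user from editing a cookie in their own browser's developer tools, so the server still has to validate whatever value comes back.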

 
Pacharapol Withayasakpunt
Currently interested in TypeScript, Vue, Kotlin and Python. Looking forward to learning ML, though.
