loading...

Is there anything I should know about cookies as both webdev and end-user?

patarapolw profile image Pacharapol Withayasakpunt ・1 min read

So, what do I need help for? -- this -- auth0-spa-js with backend -- in aloud-comments. I am not sure if I could use cookies without by own backend, such as Now.sh or Netlify?

I also know that cookies can be edited on user-side as well, which is made easy by js-cookie.

  • Not sure if even HTTPS cookies are secure, but it should be more secure than localStorage.
  • Can it be intercepted and edited, just like HTTP?
  • Cookies have expiry date. I love that.

About localStorage

  • Can I use localStorage to save tokens for SPA? Will it be any better if I use cookies?

As an end-user...

  • Should I block cookie requests on most website? What will happen if I block cookies on all website? And vice versa?

Discussion

pic
Editor guide
 

As I know, the cookie cannot be edited capturing the http package, the content is in your browser, as it is localstorage. The thing I can do is steal a cookie, if the server config only trust in cookie id to retrieve session, I can collide the cookie and start navigating as I was you. In principle, localstorage is as safe as it is the hypervisor of the browser, pretty good I think. I love serverless so I don't use cookies anymore in my projects, tokens in localstorage and/or sesessionstorage is fine.