Cookies and Sessions
Mechanisms for maintaining state in the stateless HTTP protocol. Cookies are small pieces of data stored by the browser and sent with every request. Sessions keep the state in a server-side store and give the browser only a session ID cookie. Security flags: SameSite (CSRF protection), Secure (HTTPS only), HttpOnly (no JavaScript access).
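As an added example (not part of the original page), the Python code below audits Set-Cookie header values for the three security flags listed above. The function names and the sample headers are constructed for illustration.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, cookie_value, attrs)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive, so normalise them.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs


def audit_set_cookie(value):
    """Return a list of findings for one Set-Cookie header value."""
    _name, _value, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from JavaScript")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("strict", "lax", "none"):
        findings.append("missing or invalid SameSite: left to the browser default")
    elif samesite == "none":
        findings.append("SameSite=None: sent on cross-site requests, no CSRF protection")
    return findings


# Constructed sample headers (not captured from a real server).
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "sid=abc123; Path=/",
    "sid=abc123; Path=/; secure; HTTPONLY; SameSite=None",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for finding in audit_set_cookie(header) or ["ok"]:
            print("  -", finding)
```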
Key Properties
Related
- HTTP Headers (Set-Cookie and Cookie headers)
- Status Codes (401/403 for auth failures)