Closed Wilsonator123 closed 5 months ago
Session IDs are stored in cookies and are cryptographically random generated strings that authorize users on a website.

Session IDs are created on the backend and are never interacted with on the frontend.

We use JWT to generate our Session ID.

Requirements list

- `id` as the cookie name, to prevent leaking any structural information
- `Secure` attribute, so the cookie is only sent over HTTPS and is not exposed in cleartext
- `HttpOnly` attribute, so the cookie is only sent in HTTP requests and cannot be read by client-side script
- `SameSite` attribute, to prevent the cookie being sent from other domains
- `Path` attribute, to restrict where the cookie can be accessed on the site (Path=/login,/signup)
- `Max-Age` attribute, to set the expiry period
- non-persistent cookies for higher privileged requests?
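The checklist above, as a small builder plus audit function. This is an added example, not code from this project: the cookie name `id`, the 15 minute `Max-Age`, the allowed paths `/login` and `/signup`, and the use of a random token (rather than the project's JWT) as the session value are assumptions chosen to match the issue text. The audit parses a `Set-Cookie` header and reports every requirement it fails; a `privileged` flag switches to the non-persistent rule from the last bullet.

```python
"""Build and audit a session cookie against the attribute checklist.

Added example, not the project's own code. The cookie name, paths and
lifetime below are assumptions taken from the issue text.
"""
import secrets
from typing import Dict, List, Optional, Tuple

COOKIE_NAME = "id"                    # generic name: leaks no framework/structure info
MAX_SESSION_AGE = 15 * 60             # constructed value: 15 minutes
ALLOWED_PATHS = ("/login", "/signup")  # from the issue; one Path per cookie


def new_session_id(nbytes: int = 32) -> str:
    """Cryptographically random, URL-safe session identifier (256 bits)."""
    return secrets.token_urlsafe(nbytes)


def build_set_cookie(session_id: str, path: str = "/",
                     max_age: Optional[int] = MAX_SESSION_AGE,
                     same_site: str = "Strict") -> str:
    """Return a Set-Cookie header value carrying every required attribute.

    max_age=None produces a non-persistent (browser session) cookie."""
    attrs = [f"{COOKIE_NAME}={session_id}", "Secure", "HttpOnly",
             f"SameSite={same_site}", f"Path={path}"]
    if max_age is not None:
        attrs.append(f"Max-Age={max_age}")
    return "; ".join(attrs)


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a Set-Cookie value into (name, value, {attribute: value}).

    Attribute keys are lower-cased; flag attributes (Secure, HttpOnly) map to ""."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str, privileged: bool = False) -> List[str]:
    """Return the list of checklist items the header violates (empty = compliant)."""
    name, value, attrs = parse_set_cookie(header)
    problems: List[str] = []
    if name != COOKIE_NAME:
        problems.append(f"cookie name {name!r} may leak structure; expected {COOKIE_NAME!r}")
    if not value:
        problems.append("empty session value")
    if "secure" not in attrs:
        problems.append("missing Secure")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        problems.append("SameSite must be Strict or Lax")
    if attrs.get("path") not in ALLOWED_PATHS:
        problems.append(f"Path must be one of {ALLOWED_PATHS}")
    persistent = "max-age" in attrs or "expires" in attrs
    if privileged:
        # higher-privileged flows: the cookie must die with the browser session
        if persistent:
            problems.append("privileged cookie must be non-persistent (no Max-Age/Expires)")
    else:
        try:
            age = int(attrs["max-age"])
        except (KeyError, ValueError):
            problems.append("missing or non-numeric Max-Age")
        else:
            if not 0 < age <= MAX_SESSION_AGE:
                problems.append(f"Max-Age {age} outside 1..{MAX_SESSION_AGE}")
    return problems


if __name__ == "__main__":
    good = build_set_cookie(new_session_id(), path="/login")
    weak = "sessid=abc; Path=/; Max-Age=86400"   # constructed weak header
    print(good, "->", audit_set_cookie(good))
    print(weak, "->", audit_set_cookie(weak))
```

Two caveats worth keeping in mind while reviewing the list: the `Path` attribute takes a single path prefix, so scoping one cookie to both `/login` and `/signup` needs either two cookies or a shared parent path; and a JWT session value is protected by its signature rather than by entropy, so the random-token requirement and the JWT requirement should be reconciled in the final design.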