mkhorasani / Streamlit-Authenticator

A secure authentication module to validate user credentials in a Streamlit application.
Apache License 2.0
1.38k stars 229 forks

Is the cookiemanager safe enough to be deployed in production? #79

Closed NoNeuronsNoStress closed 5 months ago

NoNeuronsNoStress commented 11 months ago

Hey guys, I just built an app that needs users to authenticate; obviously I want to make this process as safe as possible. I found out that this authenticator uses the following cookie manager: https://github.com/Mohamed-512/Extra-Streamlit-Components.

They mention the following in the README: "Security Note: In shared domains such as share.streamlit.io, other web developers can have access to the cookies you set and the same goes for you. This is not to be treated as a security bug but a circumstance the developer needs to be aware of."

I wanted to store permissions for the user & the current user in the cookies. Could this lead to vulnerabilities, where users try to overwrite whatever is in their cookie? I'm not a web dev, this might be totally incorrect, that's why I'm asking for your help.

mkhorasani commented 5 months ago

Hi @NoNeuronsNoStress, I have tested Streamlit Cloud extensively and failed to recreate such a scenario where cookies are accessible by other applications on the same server. Regardless, out of an abundance of caution, I have removed the user's name from the cookie token. Please update to release v0.3.1 to avail yourself of this new version.
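Both the question (can a user rewrite the permissions stored in their cookie?) and the maintainer's fix (dropping the user's name from the token) come down to one property: a signed cookie is authenticated, not encrypted. The following is an added example, not code from Streamlit-Authenticator or Extra-Streamlit-Components: a minimal HMAC-SHA256 token whose payload anyone holding the cookie can read, but which cannot be altered without the server-side key, so a rewritten `role` claim is rejected at verification. All function names and the key are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_claims(claims: dict) -> str:
    # Canonical JSON so the same claims always produce the same bytes to sign.
    return _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())


def issue_token(claims: dict, key: bytes) -> str:
    """Server side: payload plus HMAC-SHA256 over it, keyed with a secret only the server holds."""
    body = _encode_claims(claims)
    sig = _b64(hmac.new(key, body.encode("ascii"), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token: str, key: bytes, now: Optional[float] = None) -> Optional[dict]:
    """Server side: check the signature before trusting any claim; reject malformed or expired tokens."""
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(body))
    except ValueError:  # wrong part count, bad base64 or bad JSON all land here
        return None
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        return None
    return claims


def read_without_key(token: str) -> dict:
    """Anyone who can read the cookie can do this: the signature gives integrity, not secrecy."""
    return json.loads(_unb64(token.split(".")[0]))


def rewrite_payload(token: str, new_claims: dict) -> str:
    """Constructed tampering attempt: swap the claims but keep the old signature (no key available)."""
    return f"{_encode_claims(new_claims)}.{token.split('.')[1]}"
```

Because `read_without_key` succeeds for any holder of the cookie, anything you do not want exposed on a shared domain must be kept out of the token entirely, which is what removing the user's name from it achieves.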