In the first part of this series on cookies, the author discussed how cookies are stored, how the server reads them, and how browsers handle them.
The author now argues that understanding a cookie's attributes is vital to the cookie's security and, by extension, to the security of the application.
Cookies have attributes that determine how, when, and where they can be sent or accessed, and these attributes are the front line of defense against common web attacks.
Attacks such as XSS and CSRF can be mitigated with the proper use of cookie attributes.
The author stresses that these attributes are not just optional metadata but are crucial to forming a true picture of an application's security. Gaining a deeper understanding of these attributes and using them correctly is the essence of developing secure communications online.