https://takao.blog/en/tags/cookies/Recent content in Cookies on Commentary of TakaoHugo -- gohugo.ioenCommentary of TakaoSat, 13 Jun 2026 23:11:50 +0900https://takao.blog/en/web/secure-cookies/Mon, 09 Dec 2024 00:00:00 +0900https://takao.blog/en/web/secure-cookies/<img src="https://takao.blog/img/thumnail.webp" alt="Featured image of post Secure Cookie Configuration: A Complete Web Developer Guide" /><p>Cookies remain one of the most frequently misconfigured security controls on the web. A single missing attribute can expose your application to session hijacking, CSRF, or cross-site information leakage. Modern browsers have pushed stricter defaults, but understanding each attribute and combining them correctly is essential for defense-in-depth.</p> <p>The core security attributes are <code>Secure</code>, <code>HttpOnly</code>, <code>SameSite</code>, and the <code>__Host-</code> / <code>__Secure-</code> prefixes. Each serves a distinct purpose, and they work best when combined.</p>