An HTTP cookie is a piece of data stored by the user's web browser. Unless otherwise specified, cookies can be created, read, modified and deleted both by JavaScript and from the server side through HTTP headers.

- Stackoverflow.com Wiki
4 articles, 0 books.

The European Union introduced laws some while ago requiring web sites to obtain consent from EU visitors to allow the use of cookies. Most larger corporate sites have implemented a policy for obtaining consent - or an "implied consent" solution, but countless smaller sites and blogs like mine have not bothered.


Cookies can be removed, edited, and faked. Leveraging the HSTS database as a storage mechanism potentially reduces the possibility that your tracking ID will be deleted.


Token-based authentication is more relevant than ever. Examine the differences and similarities between cookie and token-based authentication, advantages of using tokens, and address common questions and concerns developers have regarding token-based auth.


After toiling with Cross-Site Request Forgery on the web for, well, forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, it's trivially simple to deploy, it's Same-Site Cookies.