Cookies
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies (opens in a new tab)
https://www.npmjs.com/package/cookie (opens in a new tab)
Security
httpOnlyrestrict JS access. e.g.document.cookiesecurelimits tohttps://scheme.
SameSite
Controls if cookies are sent for cross origin requests.
- None. Send to both same and cross domain.
- Strict/Lax. Send only to same domain.
Session vs Persistent
Session: w/o max-age / expires directive. Removed when browser connection closed. Stored in server memory usually.
Persistent: w/ max-age / expires directive. Removed based on the directive. Stored in user agents.