Cookie Fundamentals
Core concepts, syntax, and basic patterns for working with browser cookies.
Core Concepts
1. Cookie Syntax Basics
Cookies are stored as name=value pairs, optionally followed by attributes that control where and how the cookie is sent:
document.cookie = "name=value; attributes";
- name=value - the data being stored
- expires - expiration date (max-age gives a lifetime in seconds instead)
- path - URL path the cookie is scoped to
- domain - host(s) the cookie is scoped to
- Secure - sent only over HTTPS
2. Security Flags
HttpOnly
Prevents client-side scripts (document.cookie) from reading the cookie. Because the flag exists to hide the cookie from scripts, it can only be set by the server in a Set-Cookie response header; a document.cookie assignment that includes HttpOnly is discarded by the browser.
Set-Cookie: token=abc123; HttpOnly; Secure
SameSite
Controls whether the cookie is attached to cross-site requests
document.cookie = "session=xyz; SameSite=Strict";
Example: Secure Session Cookie
// Set a secure session cookie from the server (HttpOnly cannot be set from JavaScript, so this is a response header, not a document.cookie assignment)
Set-Cookie: session_id=abcxyz1234; max-age=3600; domain=.example.com; path=/; Secure; HttpOnly; SameSite=Strict
HttpOnly: keeps the cookie out of reach of scripts, so an XSS bug cannot read it
Secure: sent only over HTTPS, so it is not exposed to a network attacker on plaintext connections
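To make the flags above concrete, here is an added example (not code from the original page) of how a server-side handler might build a Set-Cookie header value and how a reviewer might audit one. The helper names, the constructed cookie values and the rule set are this example's own; the checks encode the page's points (HttpOnly and Secure on session cookies, SameSite present, SameSite=None only together with Secure, and the standard __Host-/__Secure- name-prefix rules browsers enforce).

```javascript
// Added example (not the original page's code): build a Set-Cookie header
// value server-side and audit an existing one. Helper names are this
// example's own; the cookie values below are constructed.

const NAME_TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // RFC 6265 cookie-name token

function buildSetCookie({ name, value, maxAge, expires, domain, path = "/",
                          secure = true, httpOnly = true, sameSite = "Lax" }) {
  if (!NAME_TOKEN.test(name)) throw new Error("invalid cookie name");
  if (sameSite === "None" && !secure) {
    throw new Error("SameSite=None requires Secure; browsers reject it otherwise");
  }
  // Cookie-name prefixes make the browser enforce these attributes for us.
  if (name.startsWith("__Host-") && (!secure || domain || path !== "/")) {
    throw new Error("__Host- cookies need Secure, Path=/ and no Domain");
  }
  if (name.startsWith("__Secure-") && !secure) {
    throw new Error("__Secure- cookies need Secure");
  }
  // Encode the value so ';' or '=' inside the data cannot terminate it.
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (maxAge !== undefined) parts.push(`Max-Age=${maxAge}`);
  if (expires) parts.push(`Expires=${expires.toUTCString()}`);
  if (domain) parts.push(`Domain=${domain}`);
  parts.push(`Path=${path}`);
  if (secure) parts.push("Secure");
  if (httpOnly) parts.push("HttpOnly");
  parts.push(`SameSite=${sameSite}`);
  return parts.join("; ");
}

// Parse a Set-Cookie value and report the protections a session cookie lacks.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const attr = new Map();
  for (const a of attrs) {
    const i = a.indexOf("=");
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase(); // attribute names are case-insensitive
    attr.set(key, i < 0 ? true : a.slice(i + 1));
  }
  const findings = [];
  if (!attr.has("secure")) findings.push("missing Secure");
  if (!attr.has("httponly")) findings.push("missing HttpOnly");
  if (!attr.has("samesite")) {
    findings.push("missing SameSite");
  } else if (String(attr.get("samesite")).toLowerCase() === "none" && !attr.has("secure")) {
    findings.push("SameSite=None without Secure is rejected by browsers");
  }
  if (!attr.has("max-age") && !attr.has("expires")) findings.push("no expiry (session cookie)");
  return { name: pair.slice(0, pair.indexOf("=")), findings };
}

// Usage with constructed values:
const header = buildSetCookie({ name: "__Host-session", value: "abc xyz", maxAge: 3600 });
console.log(header);
console.log(auditSetCookie("session=xyz; SameSite=None").findings);
```

The audit function is the kind of check that belongs in a response-header test in CI: run it over every Set-Cookie your application emits and fail the build when a session cookie comes back with findings.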
Best Practices
Minimal Scope
Always limit cookies to the narrowest path and domain that need them:
domain=.example.com; path=/api;
Expiration Strategy
Use absolute expiration dates for predictable cleanup:
expires=Wed, 01 Jan 2026 23:59:59 GMT;
Value Encoding
Always encode values so that characters such as ";" and "=" in the data cannot terminate the value or inject attributes:
document.cookie = "email=" + encodeURIComponent("user@example.com");
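The following added example (not code from the original page) shows the encode-on-write, decode-on-read pattern end to end, and why it matters: a value containing ";" is cut at the delimiter when written unencoded, but survives intact when encoded. The helper names and the sample values are this example's own; parseCookieHeader works on either a request Cookie: header or the document.cookie string, since both use the same "name=value; name=value" form.

```javascript
// Added example (not the original page's code): encode values before writing
// them and decode when reading. Helper names and sample values are constructed.

// Serialize one name=value pair for document.cookie or a Set-Cookie header.
function serializePair(name, value) {
  return `${name}=${encodeURIComponent(value)}`;
}

// Parse "name=value; name=value" (request Cookie: header or document.cookie)
// into a Map of decoded values. The first occurrence of a name is kept;
// chunks without "=" are ignored.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const chunk of header.split(";")) {
    const i = chunk.indexOf("=");
    if (i < 0) continue;
    const name = chunk.slice(0, i).trim();
    const raw = chunk.slice(i + 1).trim();
    if (!name || jar.has(name)) continue;
    let value;
    try {
      value = decodeURIComponent(raw);
    } catch (e) {
      value = raw; // tolerate a stray "%" that is not a valid escape
    }
    jar.set(name, value);
  }
  return jar;
}

// Compare naive concatenation with the encoded form for one value:
// the unencoded write is truncated at ";" and anything after it is parsed
// as a separate pair, while the encoded write round-trips unchanged.
function roundTrip(value) {
  const unsafe = `email=${value}`;          // what naive string concatenation produces
  const safe = serializePair("email", value);
  return {
    unsafe: parseCookieHeader(unsafe).get("email"),
    safe: parseCookieHeader(safe).get("email"),
  };
}

// Usage with a constructed value that contains a delimiter:
console.log(roundTrip("user@example.com;path=/"));
```

When reading cookies on the server, decode exactly once and treat the result as untrusted input like any other request field; the encoding protects the cookie syntax, not the application logic behind it.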
Testing Patterns
Test in different browsers and with each SameSite value, since cross-site behavior differs between them:
SameSite=Strict vs. SameSite=Lax
Continue Your Learning
Master cookies with our complete documentation ecosystem. Learn security patterns, performance techniques, and cross-browser compatibility.