Reference
Cookie Attributes
Learn how cookie attributes impact security, scope, and browser behavior.
Domain
Learn how the Domain cookie attribute controls which domains can access cookies. Understand subdomain sharing, security implications, and restrictions.
Expires
Learn how the Expires cookie attribute sets an absolute expiration date. Understand date formats, timezone handling, and when to use Expires vs Max-Age.
HttpOnly Cookie Attribute: XSS Protection
Learn how the HttpOnly cookie attribute protects against XSS attacks by preventing JavaScript access to sensitive cookies.
Max-Age
Learn how the Max-Age cookie attribute sets expiration in seconds from now. Understand why Max-Age is preferred over Expires for reliable lifetime control.
Path
Learn how the Path cookie attribute restricts which URL paths can receive cookies. Understand path matching rules and how to scope cookies to specific routes.
SameSite Cookie Attribute: CSRF Protection
Learn how the SameSite cookie attribute prevents CSRF attacks, the differences between Strict, Lax, and None, and when to use each.
Secure
Learn how the Secure cookie attribute ensures cookies are only sent over HTTPS connections. Protect sensitive data from man-in-the-middle attacks.