Serious question: Why does anybody use Cookies? They have a negative connotation these days, and it’s a pretty lousy way to save state. I haven’t used cookies in years, I use local storage for anything that needs to be saved locally, and I send those values along in a header, payload, or parameter. Like you do everywhere else.

Every other development platform, other than the web, doesn’t natively support cookies (some have bad support as a 5th class citizen that are never used). Why does the web need them? Why use them?
@gabek

> why use them?

Because it's the only way to implement login without requiring JavaScript.

Cookies aren't inherently bad. There are some quirks, specifically the SameSite attribute. I eventually settled on two cookies, one SameSite strict and one SameSite lax. Both HTTP Only (not exposed to JS) and both having a server-side session token.

That way I can allow 3rd party referrer links to be logged in for specific actions (click link in webmail to confirm email address) while staying secure against 3rd party request forgery vectors in general.
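The two-cookie arrangement described in the reply above, sketched server-side as an added example that is not part of the original thread or any poster's code. The cookie names `sid_strict` and `sid_lax`, the `/confirm-email` path and the in-memory session store are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Hypothetical names chosen for this example, not taken from the thread.
STRICT, LAX = "sid_strict", "sid_lax"
# The only actions that may be authenticated by the Lax cookie alone,
# i.e. when the user arrives via a link on another site (such as webmail).
LAX_ALLOWED = {("GET", "/confirm-email")}

SESSIONS = {}  # token -> (user, cookie name); in-memory store for the example


def login(user):
    """Create one server-side session token per cookie; return Set-Cookie values."""
    headers = []
    for name, samesite in ((STRICT, "Strict"), (LAX, "Lax")):
        token = secrets.token_urlsafe(32)
        SESSIONS[token] = (user, name)
        jar = SimpleCookie()
        jar[name] = token
        jar[name]["httponly"] = True   # not readable from page scripts
        jar[name]["secure"] = True     # sent over HTTPS only
        jar[name]["path"] = "/"
        jar[name]["samesite"] = samesite
        headers.append(jar[name].OutputString())
    return headers


def authenticate(method, path, cookie_header):
    """Return the session's user for this request, or None if not authorised."""
    jar = SimpleCookie(cookie_header)

    def user_for(name):
        morsel = jar.get(name)
        entry = SESSIONS.get(morsel.value) if morsel else None
        # A token is only valid in the cookie it was issued for.
        return entry[0] if entry and entry[1] == name else None

    # Same-site requests carry the Strict cookie: full access.
    user = user_for(STRICT)
    if user:
        return user
    # Cross-site top-level GET navigations carry only the Lax cookie:
    # honour it for the allow-listed actions and nothing else.
    if (method, path) in LAX_ALLOWED:
        return user_for(LAX)
    return None
```

Because the browser withholds the Strict cookie on every cross-site request, anything outside `LAX_ALLOWED` reached that way is treated as logged out, which is what gives the request forgery protection.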
