Cookie
A small piece of data the browser stores per-domain and sends with subsequent requests — the original mechanism for sessions and preferences.
In long form.
Cookies are key-value pairs with attributes: Domain, Path, Expires, Secure (HTTPS only), HttpOnly (not readable by JavaScript), SameSite (Strict / Lax / None for cross-site behavior). Modern best practice for session cookies: HttpOnly, Secure, SameSite=Lax. Third-party cookies are increasingly restricted by browsers (Safari ITP, Firefox ETP, Chrome's Privacy Sandbox) — most cross-site tracking infrastructure is being deprecated.
For session auth, we set HttpOnly + Secure + SameSite=Lax cookies via the framework's session middleware. For non-session preferences (theme, locale), localStorage is usually a cleaner fit.
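The baseline above can be checked mechanically. The following is an added example, not code from this page or from any framework: it audits `Set-Cookie` header values for the session-cookie attributes described here. The sample headers and the session cookie name `sid` are constructed assumptions.

```python
# Added example: audit Set-Cookie header values against the session-cookie baseline
# (HttpOnly + Secure + explicit SameSite). Sample data below is constructed.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "sid=abc123; Path=/; Secure",
    "track=xyz; Domain=example.com; SameSite=None",
    "theme=dark; Path=/; Max-Age=31536000",
]
SESSION_NAMES = {"sid"}  # assumption: which cookie names carry session state


def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, attr_val = part.partition("=")
        # Attribute names are case-insensitive; flags such as Secure have no value.
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val, attrs


def audit(value, session_names=SESSION_NAMES):
    """Return a list of findings for one Set-Cookie value."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    samesite = attrs.get("samesite", "").lower()
    if samesite and samesite not in ("strict", "lax", "none"):
        findings.append(f"unknown SameSite value {samesite!r}")
    # Browsers that enforce the SameSite rules reject None without Secure.
    if samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None without Secure")
    if name in session_names:
        if "httponly" not in attrs:
            findings.append("session cookie readable by JavaScript (no HttpOnly)")
        if "secure" not in attrs:
            findings.append("session cookie sent over plain HTTP (no Secure)")
        if not samesite:
            findings.append("session cookie has no explicit SameSite")
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", audit(header) or "ok")
```

Run it against the `Set-Cookie` values from a staging response to confirm the session middleware is actually emitting the attributes you configured.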