Cookies have been truly horrible. I check in on them every couple of years, beca... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jerf 8 months ago \| parent \| context \| favorite \| on: Cross-Site Request Forgery Cookies have been truly horrible. I check in on them every couple of years, because I don't do a lot of front-end but when I do it's often security-sensitive, and every single time I check in on them there's some new entry in "SameSite; NoSeriouslySecureHarder; WhoopsTheLastStandardWasNotGoodEnough=BeActuallySecure; AwwShitDidWeGetItRightLastTime=false" parade of attributes you need to send to get actually secure cookies. No shade on the people implementing this stuff, I understand the backwards compatibility concerns, but I mean, keeping up with this stuff is harder than it should be. And thanks to backwards compatibility most of it still defaults open, though browsers have pecked at that as they can.

unethical_ban 8 months ago | [–]

Your examples made me chuckle. I was thinking "God I hope frameworks deal with all this stuff".

pstuart 8 months ago | [–]

Fortunately the stability and consistency of JS frameworks make light work of that pain!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact