ALL
SameSite attribute in cookie
Starting from Chrome 51, a new attribute SameSite has been introduced for browser cookie. This attribute is to prevent CSRF attack.Cookie is normally used to store data exchanged between client and server. It frequently stores user login information. If a malicious website can forge a HTTP request with the valid third party website cookie, it may be called a CSRF attack.For example, if a user logins to a bank website your-bank.com, the bank server responds a cookie:Set-Cookie:id=a3fWa;Later the user somehow visits malicious.com and there is a form on the website.<form action="your-bank...
3,503 0 COOKIE JAVASCRIPT SAMESITE CHROME CSRF