Cookie Tampering

Components

• Separator is ;
• Name
• Value
• Domain
• Path
• Expires/Maxage
• Size
• HttpOnly, no access by client side scripts
• Secure, HTTPs only
• SameSite, cookie sent through cross-site request
• SameParty, firt party requests only
• Priority

Response

• May look like this

Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly