2021-10-13 01:17:44 +02:00
|
|
|
# Cookie Tampering
|
2021-12-04 00:26:03 +01:00
|
|
|
|
|
|
|
|
## Components
|
|
|
|
|
|
|
|
|
|
* Separator is `;`
|
|
|
|
|
* Name
|
|
|
|
|
* Value
|
|
|
|
|
* Domain
|
|
|
|
|
* Path
|
|
|
|
|
* Expires/Maxage
|
|
|
|
|
* Size
|
|
|
|
|
* HttpOnly, no access by client side scripts
|
|
|
|
|
* Secure, HTTPs only
|
|
|
|
|
* SameSite, cookie sent through cross-site request
|
|
|
|
|
* SameParty, firt party requests only
|
|
|
|
|
* Priority
|
|
|
|
|
|
|
|
|
|
## Response
|
|
|
|
|
* May look like this
|
|
|
|
|
```sh
|
|
|
|
|
Set-Cookie: <cookie-name>=<cookie-value>; Domain=<domain-value>; Secure; HttpOnly
|
|
|
|
|
```
|
