cookies
Safeguard articles tagged "cookies" — guides, analysis, and best practices for software supply chain and application security.
5 articles
CSRF in Node.js: attack mechanics and modern mitigation
Express has never shipped CSRF protection in core, and its most popular middleware, csurf, was archived in 2022 — here's what actually replaces it.
Secure session lifecycle management: tokens, rotation, and cookie flags
OWASP requires session IDs carry at least 64 bits of entropy, yet a 2007 Rails flaw shows one dropped attribute is enough to make fixation trivial.
Cookie Security Best Practices (2026)
Session cookies are the keys to your users' accounts. Here is how to set them so they cannot be stolen, forged, or leaked: the flags, the prefixes, and the parsing pitfalls.
Web Session Security: A Practical Guide
Web session security is the set of controls that keep a logged-in user's session token from being stolen, guessed, or reused by an attacker — and most of it comes down to a handful of cookie flags and lifecycle rules teams routinely skip.
Cookie Security for Modern Web Applications
Cookie misconfigurations remain one of the most common web vulnerabilities. From SameSite to cookie prefixes, here is how to configure cookies that resist session hijacking and CSRF attacks.