| ▲ | collinmanderson 3 hours ago | |
with http-only they can't _steal_ the cookie, but they can still _use_ the cookie. It reduces the impact but doesn't fully solve it. | ||
| ▲ | collinmanderson 3 hours ago | |
with http-only they can't _steal_ the cookie, but they can still _use_ the cookie. It reduces the impact but doesn't fully solve it. | ||