Session and Persistent Cookies
Explore the concepts of session and persistent cookies, how browsers handle each type, and the security trade-offs involved. Understand session restoring and its potential issues, and learn when to use each cookie type based on application context and compliance requirements.
Session cookies
When a server sends a cookie without setting an Expires or Max-Age directive, browsers treat it as a session cookie. Rather than guessing its time-to-live or applying funny heuristics, the browser deletes the cookie when the browser shuts down.
Persistent cookies
A persistent cookie, by contrast, is stored on the client until the deadline set by its Expires or Max-Age directive.
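The classification described in the two sections above, as an added example that is not part of the original lesson: a JavaScript function that reads a Set-Cookie header value and decides whether a browser would store it as a session or a persistent cookie. It goes beyond the text by following the RFC 6265 rule that Max-Age wins over Expires when both are present; the name classifyCookie and the sample headers are constructed for illustration.

```javascript
// Added example: classify a Set-Cookie header value the way a browser's
// cookie store does (RFC 6265, section 5.3). Sample headers are constructed.
function classifyCookie(setCookie, now = Date.now()) {
  const [pair, ...attrs] = setCookie.split(';');
  const name = pair.split('=')[0].trim();
  let maxAge = null;   // seconds, from the last valid Max-Age attribute
  let expires = null;  // epoch ms, from the last parseable Expires attribute

  for (const attr of attrs) {
    const eq = attr.indexOf('=');
    const key = (eq === -1 ? attr : attr.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : attr.slice(eq + 1).trim();
    if (key === 'max-age' && /^-?\d+$/.test(value)) {
      maxAge = Number(value);            // malformed values are ignored
    } else if (key === 'expires') {
      const t = Date.parse(value);
      if (!Number.isNaN(t)) expires = t; // unparseable dates are ignored
    }
  }

  // Max-Age takes precedence over Expires when both are present.
  let expiresAt = null;
  if (maxAge !== null) expiresAt = maxAge <= 0 ? 0 : now + maxAge * 1000;
  else if (expires !== null) expiresAt = expires;

  // No usable deadline: the cookie lives only until the browser shuts down.
  if (expiresAt === null) return { name, type: 'session', expiresAt: null };
  // A deadline in the past tells the browser to drop the cookie immediately.
  const type = expiresAt <= now ? 'expired' : 'persistent';
  return { name, type, expiresAt };
}

// Constructed sample headers, evaluated against a fixed clock.
const NOW = Date.parse('2024-01-01T00:00:00Z');
const samples = [
  'sid=abc123; Path=/; HttpOnly; Secure',
  'remember=xyz; Max-Age=2592000; Secure',
  'pref=dark; Expires=Wed, 01 Jan 2025 00:00:00 GMT',
  'both=1; Expires=Wed, 01 Jan 2025 00:00:00 GMT; Max-Age=60',
  'bad=1; Max-Age=soon',
  'sid=; Max-Age=0',
];
for (const h of samples) {
  const c = classifyCookie(h, NOW);
  console.log(`${c.name}: ${c.type}`);
}
```

Running a check like this over an application's responses shows at a glance which cookies outlive the browser session, which is the property to review for authentication cookies.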
Session restoring
It is worth noting that browsers ...