CSRF is (really) dead

A little while back I wrote a blog post about how "CSRF is dead". It focused on SameSite cookies, a powerful yet simple feature to protect your website against CSRF attacks. As powerful as it was, and as much as it will kill CSRF, you had to enable it on…

Cross-Site Request Forgery is dead!

After toiling with Cross-Site Request Forgery on the web for, well, forever really, we finally have a proper solution. No technical burden on the site owner, no difficult implementation, and trivially simple to deploy: it's Same-Site Cookies. As old as the Web itself, Cross-Site Request Forgery, also known as CSRF…

Tough Cookies

Cookies are tiny pieces of data attached to requests that your browser sends. Their most important use is for authentication, so that a web server can know if you are logged in or not. Unfortunately, there are a few problems with cookies that needed addressing. Let's toughen up our cookies!…

