BFF Pattern and the Token-Protection Security Model
The security motivation, structure, and threat model (token theft vs. session riding) of the Backend for Frontend (BFF) pattern, which eliminates token exposure in SPAs
CSRF defenses (SameSite, antiforgery tokens) for cookie-based authentication, and Content Security Policy (CSP) as defense-in-depth against XSS
Mechanism and implementation of session-based authentication using HTTP-only cookies