Web Storage (localStorage, sessionStorage, cookies)

What security features are being set in this cookie creation code?

document.cookie = 'username=John; expires=Thu, 18 Dec 2025 12:00:00 UTC; path=/; Secure; SameSite=Strict';

// Reading cookies
const getCookie = (name) => {
  return document.cookie.split('; ')
    .find(row => row.startsWith(name + '='))
    ?.split('=')[1];
};

Only the expiration date
Only the path restriction
Secure flag and SameSite restriction
This code sets important security features for cookies: 1) The 'Secure' flag ensures the cookie is only sent over HTTPS connections, 2) 'SameSite=Strict' prevents CSRF attacks by restricting cookie transmission to same-site requests, 3) The path='/' sets the cookie's scope to the entire domain, 4) An expiration date is set to control the cookie's lifetime, 5) These settings follow security best practices for cookie configuration, 6) The SameSite attribute is particularly important for preventing cross-site request attacks, 7) The Secure flag protects against man-in-the-middle attacks, 8) The combination provides a strong security baseline for cookie usage.
No security features are set

Next Question (6/20)