Let’s take Google and other popular bank websites which uses cookie.
I’ve been working with a website using Angular which uses Laravel as an API. Data are stored in cookies which is vulnerable in client side including the JWT.
For websites using cookie-based authentication, what security implementation and practices they do to protect and secure the data from any attack aside from setting the security flags and options of cookie?
Here are some of specific cookie attacks:
- CSRF, cookie poisoning
- Session fixation
- Eavesdropping, cookie hijacking/stealing
- Cookie injection from related hostnames
- Cookie eviction
- Direct cookie injection
- TCP/IP hijacking
How popular websites and bank websites handle these attacks in order to protect the data stored in the cookies?