Cookie-Based Authentication Security of Popular Websites
Let's take Google and other popular bank websites which uses cookie.
I've been working with a website using Angular which uses Laravel as an API. Data are stored in cookies which is vulnerable in client side including the JWT.
For websites using cookie-based authentication, what security implementation and practices they do to protect and secure the data from any attack aside from setting the security flags and options of cookie?
Here are some of specific cookie attacks:
CSRF, cookie poisoning
Eavesdropping, cookie hijacking/stealing
Cookie injection from related hostnames
Direct cookie injection
How popular websites and bank websites handle these attacks in order to protect the data stored in the cookies?