No signup. No paywall. No catch.One of our 10 most-requested practitioner modules — published in full so anyone can learn for free. We earn through consulting, not by gating knowledge.
Cookies are the most-misunderstood browser feature. Domain attribute, path, SameSite, Secure, HttpOnly, Partitioned — each affects when the browser sends the cookie. Combinations produce surprising behaviour.
Cookies are the most-misunderstood browser feature. Domain attribute, path, SameSite, Secure, HttpOnly, Partitioned — each affects when the browser sends the cookie. Combinations produce surprising behaviour.
Examples that catch defenders off guard: cookie set on parent domain visible to subdomain (intentional, abuseable); SameSite=Lax allows top-level navigation cookies (CSRF window); Partitioned cookies behave differently per top-level site.
The mindset: when you set a cookie, the question isn’t “does it work”; it’s “in which contexts does it travel, and is each safe?”
Want this for your team?
Custom team training + practitioner advisory
Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.
