Great article. Thanks for the explanation. Re: your section under "Why", it's worth mentioning that the default same-site value for cookies is lax, which means CSRF attacks aren't an issue because the cookie won't be sent cross-origin, unless the developer purposely changed the default value.
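As an added illustration (not part of the article or of this response), the following model shows which cross-site requests a browser still attaches a cookie to under each SameSite value; it assumes Chromium's Lax-by-default behaviour for cookies with no attribute and omits the temporary "Lax+POST" grace period some browsers apply. The point it makes is that Lax blocks the classic cross-site form POST but still sends the cookie on a top-level GET navigation, so state-changing GET endpoints remain a CSRF concern.

```python
from dataclasses import dataclass
from typing import Optional

# Methods the HTML spec treats as "safe"; SameSite=Lax permits cookies on
# cross-site top-level navigations that use one of these.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Request:
    method: str
    cross_site: bool            # initiator site differs from the cookie's site
    top_level_navigation: bool  # address-bar navigation or form submit, not XHR/fetch/img


def effective_same_site(attr: Optional[str]) -> str:
    """Normalise the SameSite attribute. A missing attribute is treated as Lax,
    which is the default Chromium applies (assumption: other browsers may differ)."""
    if attr is None:
        return "lax"
    return attr.strip().lower()


def cookie_is_sent(attr: Optional[str], req: Request) -> bool:
    """Return True if a browser following the SameSite rules attaches the cookie."""
    mode = effective_same_site(attr)
    if not req.cross_site:
        return True   # same-site requests always carry the cookie
    if mode == "none":
        return True   # explicitly opted in to cross-site use (must also be Secure)
    if mode == "strict":
        return False  # never sent on any cross-site request
    # Lax: only cross-site top-level navigations with a safe method
    return req.top_level_navigation and req.method.upper() in SAFE_METHODS


def exposed_request_shapes(attr: Optional[str]) -> list:
    """List the cross-site request shapes that still carry the cookie, i.e. the
    ones a defender must protect with CSRF tokens or by avoiding state changes."""
    shapes = {
        "top-level GET navigation (link/redirect)": Request("GET", True, True),
        "top-level POST (auto-submitted form)": Request("POST", True, True),
        "background fetch/XHR with credentials": Request("POST", True, False),
    }
    return [name for name, req in shapes.items() if cookie_is_sent(attr, req)]


if __name__ == "__main__":
    for attr in (None, "Lax", "Strict", "None"):
        print(f"SameSite={attr!s:>6}: still sent on {exposed_request_shapes(attr)}")
```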


Written by David Klempfner

I’m a software developer who is passionate about learning how things work behind the scenes.
