feat: use a cookie prefix to lock down the session cookie

> __Host-: If a cookie name has this prefix, it's accepted in a
> Set-Cookie header only if it's also marked with the Secure attribute,
> was sent from a secure origin, does not include a Domain attribute,
> and has the Path attribute set to /. In other words, the cookie is
> domain-locked.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Cookies#cookie_prefixes

0 files changed, 0 insertions, 0 deletions