Cookie Policy
We use cookies for session management and demo features. Some cookies are intentionally insecure to demonstrate risks.
Types of Cookies
Session Cookies
Used to keep you logged in. These cookies may be intentionally insecure (no HttpOnly flag, predictable values, no Secure flag) to demonstrate session management vulnerabilities.
Tracking Cookies
Demo-only cookies for analytics and user tracking. These are for demonstration purposes and should not be used in production environments.
Authentication Cookies
Cookies used for authentication may contain sensitive tokens. These are intentionally vulnerable to demonstrate cookie-based attacks like session hijacking and fixation.
Intentional Vulnerabilities
This application intentionally uses insecure cookie practices to demonstrate security risks:
- Cookies without HttpOnly flag (accessible via JavaScript)
- Cookies without Secure flag (transmitted over HTTP)
- Predictable session tokens
- No SameSite attribute protection
- Long-lived cookies that never expire
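As an added illustration (not code from this application), the following Node.js script audits Set-Cookie header strings for the five weaknesses listed above. The 30-day lifetime limit, the 22-character token minimum, the finding names and both sample headers are constructed assumptions.

```javascript
// Added example: audits Set-Cookie header strings for the weaknesses listed above.
// Thresholds and sample headers are constructed assumptions, not taken from the application.
const MAX_AGE_LIMIT_S = 30 * 24 * 3600; // assumed policy: flag lifetimes over 30 days
const MIN_TOKEN_CHARS = 22;             // assumed minimum: about 128 bits in base64url

function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = new Map();
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flag attributes carry no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  // A pair without "=" is treated as a nameless cookie whose value is the whole pair.
  return { name: eq === -1 ? "" : pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

function auditSetCookie(header, now = Date.now()) {
  const { name, value, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has("httponly")) findings.push("missing-httponly");
  if (!attrs.has("secure")) findings.push("missing-secure");
  const sameSite = (attrs.get("samesite") || "").toLowerCase();
  if (sameSite !== "lax" && sameSite !== "strict") findings.push("weak-samesite");
  // Max-Age takes precedence over Expires when both are present (RFC 6265).
  let lifetime = null;
  if (attrs.has("max-age")) lifetime = Number(attrs.get("max-age"));
  else if (attrs.has("expires")) lifetime = (Date.parse(attrs.get("expires")) - now) / 1000;
  if (lifetime !== null && lifetime > MAX_AGE_LIMIT_S) findings.push("long-lived");
  // Heuristic only: a single value cannot prove predictability, but short or
  // purely numeric tokens cannot carry enough entropy for a session identifier.
  if (/^\d+$/.test(value) || value.length < MIN_TOKEN_CHARS) findings.push("weak-token");
  return { name, findings };
}

// Constructed sample headers: one showing every listed weakness, one hardened.
const WEAK = "session=1001; Path=/; Expires=Thu, 31 Dec 2099 23:59:59 GMT";
const HARDENED =
  "__Host-session=q3Zk9xT1vYb7LwRj2NfUe8HcPaMd5SgX; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600";

for (const h of [WEAK, HARDENED]) console.log(auditSetCookie(h));
```

A cookie with neither Expires nor Max-Age is a browser-session cookie and is not reported as long-lived by this check.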
Cookie Management
You can view and manage cookies through your browser's developer tools. This application also stores cookies in localStorage and sessionStorage, which is a security anti-pattern demonstrated for educational purposes.
🍪 Security Note: All cookie vulnerabilities in this application are intentional. In production applications, always use secure, HttpOnly cookies with proper SameSite attributes.