What is a cookie and why is it used to store login credentials?

A cookie is needed while signing/logging in to an application because the logged-in value assigned to a variable is deleted on refresh and the user is

web-cookie by @arringtonelisabethtaylor using by @[Tushar Mukherjee](@tusharmukherjee)

The HTTP protocol header contains a piece of information called a cookie, which is shared on each request and response. It's usually used for logging in, buying things, themes, or keeping track of gaming scores. Keeping user login information in cookies is the only secure way to store it. If you keep your login information in local storage, for instance, a malicious script can easily retrieve it.

Credentials in a cookie are safe because cookies have attributes that make them secure, such as:

  • HttpOnly attribute: prevents access to cookie values via JavaScript. When you set HttpOnly to true, the cookie cannot be read or written by any hidden script.

  • Secure attribute: a cookie with the Secure attribute can only be sent over a secured connection (HTTPS), which also prevents attacks like man-in-the-middle.

  • MaxAge attribute: stores the time after which the cookie automatically expires, logging the user out of the application.

res.cookie("access_token", jwtAccessToken, { maxAge: 1000 * 60 * 60 * 24, httpOnly: true });

Here,

  • access_token is the key under which the token is stored in the browser, so it can be looked up on later calls,

  • jwtAccessToken is the value of the token you want to store,

  • maxAge takes a value in milliseconds; I provided 24 hours,

  • httpOnly is set to true.
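
The call above sets maxAge and httpOnly but not the Secure attribute described earlier. The following is an added example, not code from the original post: it builds a Set-Cookie header with all three attributes and audits a header for the ones that are missing. The function names and the sample header are constructed for illustration.

```javascript
// Added example; function names are hypothetical, attribute names are standard.

// Build a Set-Cookie value carrying the three attributes discussed above.
function buildLoginCookie(name, token, maxAgeMs) {
  return [
    `${name}=${encodeURIComponent(token)}`,
    `Max-Age=${Math.floor(maxAgeMs / 1000)}`, // the header uses seconds, not ms
    "Path=/",
    "HttpOnly", // hidden from document.cookie
    "Secure", // only sent over HTTPS
  ].join("; ");
}

// Parse one Set-Cookie value into { name, value, attrs }.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((p) => p.trim());
  const eq = pair.indexOf("=");
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure have no value.
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1).trim());
  }
  // A pair without "=" is treated as a nameless cookie.
  const name = eq === -1 ? "" : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// List the protections a credential cookie is missing.
function auditLoginCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has("httponly")) findings.push("missing HttpOnly");
  if (!attrs.has("secure")) findings.push("missing Secure");
  if (!attrs.has("max-age") && !attrs.has("expires")) {
    findings.push("no expiry (lasts until the browser session ends)");
  }
  return findings;
}

// Constructed sample: a header with only the options the call above sets.
const sample = "access_token=eyJ.constructed.token; Max-Age=86400; Path=/; HttpOnly";
console.log(auditLoginCookie(sample));
const fixed = buildLoginCookie("access_token", "eyJ.constructed.token", 1000 * 60 * 60 * 24);
console.log(fixed, auditLoginCookie(fixed));
```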

A cookie is created when you log in to an application: the server sends it to your browser along with a payload that is some sort of encrypted token that only you have the key to decipher. The cookie that the server set on the client side is then sent in the headers of each request to provide the authentication information once more, which is necessary to obtain specific data for the user.

If being prompted to "Accept Cookie" irritates you, it's because the government has legislated that all websites that wish to send cookies must request permission from the user before doing so.

It is up to the user to decide what type of cookie they will get and whether it is useful to them or not. So specify what type of cookie you want to send and why in the front end.