
There is a newish cookie flag called samesite to do exactly this. Chrome is the only browser to support it though.

I read about this recently. It's hard to believe these cookies didn't exist until 2016.

The biggest problem solved by cookies has always been sessions. samesite is sufficient for most sessions. It seems like samesite should have been the default from the beginning.
