Answers to questions:
If you can’t read all the cookie content, you should set some cookies on the server side HttpOnly
, that is, the client script cannot be read, and can only be read and operated from the server side.
Reason for setting:
The role of setting HttpOnly is to prevent XSS attacks by preventing JS from reading cookies.