With your partner, in words both of you will understand 6 months from now, answer the following questions.
How would you best summarize credentials when it comes to auth?
Credentials are the proof identifiers which help authorize the user's request.
Describe how cookies are exchanged between client and server. Make sure you touch on the technical implementation of cookies.
Cookies are stored on the client side but shared with the server to keep memory of the visit to a webpage for a better user experience. Cookies are limited to 4 kilobytes of data.
From the perspective of a developer, name some basic strengths of using cookies and some weaknesses.
Less information to store on server about the client, but users can delete or choose to not store cookies.
What is the difference between a session cookie and a persistent cookie?
A session cookie's expiration is the session the user is on, and it will end after closing the browser window, while persistent cookies are stored until they expire.
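The exchange described in the two cookie answers above, as an added example that is not part of the original notes: the server sends a `Set-Cookie` response header, the browser sends the stored name=value pairs back in a `Cookie` request header, and the presence of `Max-Age` or `Expires` decides session versus persistent. The function names, the `sid` and `theme` cookies, and the `HttpOnly`/`Secure`/`SameSite` choices are assumptions made for illustration.

```python
from http.cookies import SimpleCookie

MAX_COOKIE_BYTES = 4096  # the 4 kilobyte limit stated in the notes above


def build_set_cookie(name, value, max_age=None):
    """Server side: return the value of a Set-Cookie response header."""
    jar = SimpleCookie()
    jar[name] = value
    morsel = jar[name]
    morsel["path"] = "/"
    morsel["httponly"] = True   # not readable from page JavaScript
    morsel["secure"] = True     # only sent over HTTPS
    morsel["samesite"] = "Lax"  # withheld on most cross-site requests
    if max_age is not None:
        morsel["max-age"] = max_age  # an expiry makes the cookie persistent
    header = morsel.OutputString()
    if len(header.encode("utf-8")) > MAX_COOKIE_BYTES:
        raise ValueError("cookie exceeds the 4 KB limit")
    return header


def lifetime(set_cookie_value):
    """Classify one Set-Cookie value as 'session' or 'persistent'."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    morsel = next(iter(jar.values()))
    return "persistent" if morsel["max-age"] or morsel["expires"] else "session"


def request_cookie_header(set_cookie_values):
    """Client side: the Cookie request header; attributes are not sent back."""
    jar = SimpleCookie()
    for header_value in set_cookie_values:
        jar.load(header_value)
    return "; ".join(f"{m.key}={m.coded_value}" for m in jar.values())


if __name__ == "__main__":
    # Constructed sample cookies, not taken from any real site.
    session = build_set_cookie("sid", "abc123")
    persistent = build_set_cookie("theme", "dark", max_age=3600)
    for header_value in (session, persistent):
        print("Set-Cookie:", header_value, "->", lifetime(header_value))
    print("Cookie:", request_cookie_header([session, persistent]))
```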
What is your opinion of the same-origin policy? Support your opinion with some evidence.
The same-origin policy is convenient as it allows for second page access to data; the cookies are protected as long as a strict separation between content is provided and maintained on the client side.
Based on what you know, how would you explain CORS?
These are the browser's default security rules. It allows one site to have permission to access the cookies set by another site.