Is using two cookies one Lax and one Strict a way to improve usability without compromising security?
My understanding is that
Strict is the best as, assuming you have a recent browser, it completely replaces the need for a CSRF token.
Strict is however a big hit on usability as things like SSO or just having a link in email to go to a log…
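The two-cookie pattern the question asks about, as an added example that is not part of the original post: a small model of the SameSite attachment rules from RFC 6265bis (Strict is never sent on cross-site requests; Lax is sent cross-site only on top-level navigations with safe methods) next to a server-side policy that accepts the Lax cookie for read-only pages and demands the Strict cookie for anything state-changing. The cookie names `sid_lax` and `sid_strict`, the endpoints and the cookie jar are constructed for the illustration.

```python
from dataclasses import dataclass

SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    same_site: str  # "Strict", "Lax" or "None"


def browser_attaches(cookie: Cookie, cross_site: bool,
                     top_level_navigation: bool, method: str) -> bool:
    """Model of the SameSite rules (RFC 6265bis) for one cookie.

    Same-site requests always carry the cookie. Cross-site: Strict is never
    sent; Lax is sent only on a top-level navigation using a safe method
    (a link clicked in an e-mail qualifies, a cross-site form POST does not);
    None is always sent (assumes Secure). The "Lax-allowing-unsafe" grace
    period some browsers apply to cookies with no explicit attribute is not
    modelled, because both cookies here set SameSite explicitly.
    """
    if not cross_site:
        return True
    if cookie.same_site == "Strict":
        return False
    if cookie.same_site == "Lax":
        return top_level_navigation and method.upper() in SAFE_METHODS
    return True


def cookies_sent(jar, cross_site, top_level_navigation, method):
    """Return the name->value map the browser would attach to the request."""
    return {c.name: c.value for c in jar
            if browser_attaches(c, cross_site, top_level_navigation, method)}


def authorize(cookies: dict, state_changing: bool) -> str:
    """Server policy for the two-cookie scheme (constructed names).

    sid_lax identifies the user for read-only pages, so a link from an e-mail
    lands on a logged-in page. sid_strict is required for any state change;
    it is absent on every cross-site request, which is what blocks CSRF.
    Never fall back to sid_lax for state changes: that would reopen the
    top-level-GET case.
    """
    if state_changing:
        return "allow" if "sid_strict" in cookies else "deny"
    return "allow" if "sid_lax" in cookies else "login"


def decide(jar, cross_site, top_level_navigation, method, state_changing):
    """Simulate one request end to end: (cookie names sent, server decision)."""
    sent = cookies_sent(jar, cross_site, top_level_navigation, method)
    return sorted(sent), authorize(sent, state_changing)


# Constructed cookie jar for a logged-in user of our site.
JAR = [Cookie("sid_lax", "abc", "Lax"), Cookie("sid_strict", "xyz", "Strict")]

if __name__ == "__main__":
    cases = {
        "link in e-mail -> /account (read)":      (True, True, "GET", False),
        "cross-site form POST -> /transfer":      (True, False, "POST", True),
        "link in e-mail -> /delete?id=1 (write)": (True, True, "GET", True),
        "same-site POST -> /transfer":            (False, False, "POST", True),
    }
    for label, args in cases.items():
        print(f"{label:42} sent={decide(JAR, *args)[0]} -> {decide(JAR, *args)[1]}")
```

Once the user has landed on the site through the Lax cookie, every subsequent click is same-site, so the Strict cookie is attached again and state changes work normally; the scheme only costs the user the first cross-site request. The third case shows the caveat that makes the Strict requirement necessary: a state-changing endpoint reachable by GET would otherwise be callable from a plain link, Lax cookie attached.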