The implementation of cookies is close to recent browser's implementations. Dappy only does https therefore all cookies are forced to
httpOnly: true. Only possible values for
As you know, a name in dappy may be associated with many web servers, each with an IP address and SSL/TLS certificate. Cookies are always tied to a dappy name in addition to domain name (that is part of the whitelist). If
mysite2 interact with the same web server (same host and IP address), the cookies will not be shared.
mysite1. Cookies isolation prevents 95%+ of CRSF attacks.