
auth-session

Use when issuing authenticated session cookies: issue `HttpOnly`, `Secure`, `SameSite` session cookies for authenticated requests.
sarmakska/slipstream · ★ 1 · API & Backend · score 73
Install: claude install-skill sarmakska/slipstream
## Overview

Issue `HttpOnly`, `Secure`, `SameSite` session cookies for authenticated requests.

## Steps

1. Set the session cookie with `HttpOnly`, `Secure`, `SameSite=Lax` and a sensible `Max-Age`.
2. Sign or encrypt the cookie payload so it cannot be tampered with.
3. Rotate the session on privilege change.

## Verify

Run the tests and confirm the issued cookie carries the `HttpOnly` and `Secure` flags.
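
The three steps and the verify check above, sketched with Python's standard library as an added example (not code from the slipstream repository). It signs the cookie with HMAC-SHA256 rather than encrypting it; the one-hour lifetime, the in-memory `SESSIONS` store, the per-process `KEY` and the function names are assumptions.

```python
import hashlib, hmac, secrets, time
from http.cookies import SimpleCookie

KEY = secrets.token_bytes(32)  # assumption: per-process key; load from a secret store in production
MAX_AGE = 3600                 # assumption: one hour as the "sensible" lifetime
SESSIONS = {}                  # hypothetical in-memory server-side store: sid -> {"user", "role"}

def sign(data: str) -> str:
    return hmac.new(KEY, data.encode(), hashlib.sha256).hexdigest()

def issue(user: str, role: str) -> str:
    """Steps 1 and 2: return a Set-Cookie value carrying a signed session id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "role": role}
    payload = f"{sid}.{int(time.time()) + MAX_AGE}"
    cookie = SimpleCookie()
    cookie["session"] = f"{payload}.{sign(payload)}"
    morsel = cookie["session"]
    morsel["httponly"] = True    # not readable from page JavaScript
    morsel["secure"] = True      # sent over HTTPS only
    morsel["samesite"] = "Lax"
    morsel["max-age"] = MAX_AGE
    morsel["path"] = "/"
    return morsel.OutputString()

def verify(value: str):
    """Return the session id if signature, expiry and store lookup all pass, else None."""
    parts = value.split(".")
    if len(parts) != 3:
        return None
    sid, exp, sig = parts
    if not hmac.compare_digest(sig.encode(), sign(f"{sid}.{exp}").encode()):
        return None              # payload or signature was altered
    if int(exp) < time.time() or sid not in SESSIONS:
        return None              # expired, or retired by rotation
    return sid

def rotate(value: str, new_role: str):
    """Step 3: on privilege change, retire the old id and issue a fresh cookie."""
    sid = verify(value)
    if sid is None:
        return None
    user = SESSIONS.pop(sid)["user"]   # the old cookie stops validating here
    return issue(user, new_role)

if __name__ == "__main__":
    header = issue("alice", "user")    # constructed sample user
    print("Set-Cookie:", header)
```

Popping the old id from the store in `rotate` is what invalidates a cookie captured before the privilege change; a signature alone would keep accepting it until `Max-Age` ran out.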