Follow these rules to stay safe:

- Use HttpOnly cookies to stop JavaScript theft.
- Use Secure cookies so data only travels over HTTPS.
- Use SameSite settings to prevent CSRF attacks.
- Always call ...
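To make the three cookie rules above checkable, here is an added example (not code from the original page) that parses a `Set-Cookie` header and reports which of the HttpOnly, Secure and SameSite protections is missing, with a weak and a hardened header as constructed sample input. The header values and cookie name are made up for illustration.

```python
"""Audit Set-Cookie headers for HttpOnly, Secure and SameSite (constructed samples)."""


def parse_set_cookie(header: str):
    """Split a Set-Cookie header into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes (HttpOnly, Secure) map to ''.
    """
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header: str) -> list:
    """Return a list of findings; an empty list means all three rules are satisfied."""
    _, _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie is readable from JavaScript (document.cookie)")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may be sent over plain HTTP")
    samesite = attrs.get("samesite", "").lower()
    if samesite in ("lax", "strict"):
        pass  # explicit CSRF protection present
    elif samesite == "none":
        # SameSite=None allows cross-site sending; browsers also reject it without Secure.
        findings.append("SameSite=None: cookie is sent cross-site, so CSRF defence must come from elsewhere")
    else:
        findings.append("missing SameSite: relying on the browser default instead of an explicit policy")
    return findings


def build_hardened_cookie(name: str, value: str, samesite: str = "Lax") -> str:
    """Emit a Set-Cookie header that follows all three rules."""
    return f"{name}={value}; Path=/; HttpOnly; Secure; SameSite={samesite}"


# Constructed sample headers (not from any real site).
WEAK_HEADER = "session=abc123; Path=/"
HARDENED_HEADER = build_hardened_cookie("session", "abc123")

if __name__ == "__main__":
    for label, header in (("weak", WEAK_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, header, audit_set_cookie(header) or "OK")
```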