They say Cookies are bad. I personally believe there should be a "smarter" way to detect the state of a user on a web app.
Say, currently this is how it works i
You need secure cookies with cookie prefixes. Cookie prefixes __Secure-* and __Host-* secure your cookies by ensuring that they are only set by and sent over secure connections, preventing cookie sniffing and man-in-the-middle attacks.
For additional security you could force your users to only log in from a whitelist of specific IP addresses.
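A check for the cookie prefixes mentioned above, as an added example that is not part of the original posts: it lints a Set-Cookie header value against the attribute rules browsers enforce for __Secure- and __Host- names. The function names and sample headers are constructed for illustration, and the check cannot see whether the response was actually served over HTTPS, which browsers also require.

```javascript
// Added example (not from the original thread): lint Set-Cookie values against
// the browser rules for the __Secure- and __Host- cookie name prefixes.

// Split "name=value; Attr; Attr=val" into the cookie name and its attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const name = eq === -1 ? '' : pair.slice(0, eq);
  const attributes = new Map();
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes.set(key, i === -1 ? '' : attr.slice(i + 1).trim());
  }
  return { name, attributes };
}

// Return the list of rule violations; an empty list means the browser
// would accept the cookie as far as the prefix rules are concerned.
function prefixViolations(header) {
  const { name, attributes } = parseSetCookie(header);
  const lower = name.toLowerCase(); // prefix compared case-insensitively here
  const isHost = lower.startsWith('__host-');
  const isSecure = lower.startsWith('__secure-');
  const problems = [];
  if (!isHost && !isSecure) return problems; // unprefixed: no prefix rules apply
  // Both prefixes require the Secure attribute.
  if (!attributes.has('secure')) problems.push('missing Secure');
  if (isHost) {
    // __Host- additionally pins the cookie to the exact host and the root path.
    if (attributes.has('domain')) problems.push('Domain not allowed');
    if (attributes.get('path') !== '/') problems.push('Path must be /');
  }
  return problems;
}

// Constructed sample headers.
const samples = [
  '__Host-session=abc123; Secure; HttpOnly; Path=/; SameSite=Lax',
  '__Host-session=abc123; Secure; Path=/; Domain=example.com',
  '__Secure-id=1; Path=/app',
  '__Host-id=1; Path=/app',
];
for (const h of samples) {
  console.log(h, '->', prefixViolations(h).join(', ') || 'ok');
}
```

A browser silently drops a prefixed cookie that breaks these rules, so a failing header usually shows up as a session that never sticks rather than as an error.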