Security
Difficulty: unrated
Source: bregman-arie/devops-exercises by Arie Bregman
True. Cookie-based authentication session must be kept on both server and client-side.