A curious developer
Nothing here yet.
Yes, you can use session cookies cross-origin. but be careful because it can lead to vulnerability issues as well. For example - your back-end is hosted on api.back-end.com and you want to provide session to your front-end project which is hosted on app.front-end.com. so on back-end you need to provide response headers Access-Control-Allow-Origin: app.front-end.com Set-Cookie:'SESSIONID=yourSessionId; HttpOnly so that it will only send session cookies to this front-end app. if you provide Access-Control-Allow-Origin: * which will provide session to all apps (which is not preferable because some other website can request your back-end and access session ids to play with your back-end). To make it more secure you can add credentials: include inside your request header with fetch in the front-end app. this would block Javascript to access browser cookies via Javascript broswer apis.