A web developer has implemented HTML5 optimizations into a legacy web application. One of the modif

ications the web developer made was the following client side optimization:

localStorage.setItem(-session-cookie-, document.cookie);

Which of the following should the security engineer recommend?

A. SessionStorage should be used so authorized cookies exp

ire after the session ends

B. Cookies should be marked as -secure- and -HttpOnly-

C. Cookies should be scoped to a relevant domain/path

D. Client-side cookies should be replaced by server-side mechanisms