A web developer has implemented HTML5 optimizations into a legacy web application. One of the modif
ications the web developer made was the following client side optimization:
localStorage.setItem(-session-cookie-, document.cookie);
Which of the following should the security engineer recommend?
A. SessionStorage should be used so authorized cookies exp
ire after the session ends
B. Cookies should be marked as -secure- and -HttpOnly-
C. Cookies should be scoped to a relevant domain/path
D. Client-side cookies should be replaced by server-side mechanisms