Web Dev//frontend//cookie

The browser's native memory. A small piece of data that the browser stores per website and sends automatically with every HTTP request to that site. Your code doesn't manage the storing or the sending; Chrome (or Firefox, or Safari) does.


Every time the frontend makes a request to the backend, cookies travel in the headers. You don't attach them manually — the browser injects them on its own.

In a Supabase app, the cookie holds the session token — the one that says "I'm Carmen." It does NOT hold the Gmail token (that lives on the server, in the profiles table). Cookies only transport identity, never external service secrets.
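The split described above, as an added example that is not from the original page and is not Supabase's own code: the cookie only identifies the caller, and the server looks up the Gmail token itself. The `sessions` and `profiles` maps, the cookie name `session`, the cookie attributes and `fetchUnreadCount` are all assumptions made for illustration.

```javascript
// Constructed server-side state: stand-ins for the session store and the profiles table.
const sessions = new Map([["sess-constructed-123", "carmen"]]);
const profiles = new Map([["carmen", { name: "Carmen", gmailToken: "gmail-token-constructed" }]]);

// Set-Cookie value carrying identity only. The attribute set is this example's
// choice (an assumption), not a statement about Supabase's defaults.
function buildSessionCookie(sessionToken) {
  return `session=${encodeURIComponent(sessionToken)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Parse the Cookie request header that the browser attached on its own.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    const name = eq < 0 ? "" : part.slice(0, eq).trim();
    if (!name) continue; // no "=" or empty name: ignore this pair
    try {
      jar.set(name, decodeURIComponent(part.slice(eq + 1).trim()));
    } catch {
      // malformed percent-encoding: drop this pair, keep the rest
    }
  }
  return jar;
}

// Hypothetical stand-in for a server-to-Gmail call that needs the secret.
function fetchUnreadCount(gmailToken) {
  return gmailToken === "gmail-token-constructed" ? 3 : 0;
}

// The cookie answers "who is calling"; the Gmail token is looked up on the
// server and never appears in a cookie or in the response.
function handleInboxRequest(requestHeaders) {
  const token = parseCookieHeader(requestHeaders.cookie).get("session");
  const userId = token ? sessions.get(token) : undefined;
  if (!userId) return { status: 401, body: { error: "not signed in" } };
  const profile = profiles.get(userId);
  return { status: 200, body: { user: profile.name, unread: fetchUnreadCount(profile.gmailToken) } };
}
```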

In Next.js, Supabase's SSR helpers (@supabase/ssr) handle reading, writing, and refreshing tokens in cookies automatically. They're the SDK's framework-specific glue.

process.env has nothing to do with cookies: environment variables live on the server, cookies live in the browser. Separate channels.