Yes, I set manually. But this issue still harmful is if attackers attack local machine and change this cookies manually to put some script. I hope ABP can take this issue seriously because it will effect our current development in term of security if this issue not solve. Tq