- We use <em>extremely</em> short-lived cookies to prevent
- request forgery. These don't contain any identifying
- information and they self-destruct after a few seconds.
+ We use cookies to prevent request forgery. These don't contain
+ any identifying information. These <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies">double-submit cookies</a>,
+ are random cookies that reset each time you visit the page.
+ This prevents another site from tricking you into submitting
+ data to our site, because they can't read the random value in
+ the cookie.
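Review bot: In the added line "These <a …>double-submit cookies</a>, are random cookies", the comma after the closing </a> splits the subject from its verb and should be dropped. The change also deletes the statement that the cookies "self-destruct after a few seconds" without saying what their lifetime is now; "reset each time you visit the page" describes when the value changes, not when the cookie expires, so if the expiry is no longer a few seconds the notice should say how long the cookie persists. The last sentence says another site "can't read the random value in the cookie" but never says that the same value is also sent with the submitted data and compared, which is the step that makes an unreadable cookie useful; a short clause to that effect would make the explanation complete for readers who don't follow the link.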