I think the easiest approach would be to create a wrapper for the API that appends the desired values to the request (in whatever manner is needed). For example:

// Mutate the below object to send data to the server
const valuesToSend = {};
const makeRequest = (url) => fetch(url, { body: JSON.stringify(valuesToSend });

valuesToSend.foo = 'foo';
fetch('someurl')
  .then(res => res.json())
  .then((result) => {
    // ...
  })

If you really really wanted to store the values in cookies instead, it'd be possible, but it wouldn't really help, since cookies are shared and you'd have to filter for only the cookies matching the current tab - for example, you could generate a unique ID on pageload, and when setting a cookie, prepend the cookie key with the ID. Then when making a request, filter for only values matching the ID, and only send those.

Possible, but cumbersome. A wrapper function is a lot easier.

If that's not an option, another possibility is to use the same sort of approach as above, except that you also set a cookie with the unique ID just before you make a request, and then check that on the server to figure out which values are relevant to the current request. That is:

1. You see that you need to make a request
2. You set a cookie indicating the ID of the current tab
3. You make a request to the server (which includes all cookie info)
4. The server extracts the ID from the cookie, then filters the cookies it got by whether the cookie's key matches the ID

As long as you set the tab's ID to a cookie before making a request, the server should be able to identify which cookies are relevant to a given request.

This is convoluted. I'd recommend figuring out whether there's a better way to structure the application so that this isn't necessary.

If something like that exist , We can say good bye to CSRF attacks .

You may find this helpful Tab specific cookies without using sessionStorage or any HTML5 features