Cookie-based authentication with Supabase stores JWTs in secure, HTTP-only cookies to manage user sessions. Upon login, Supabase generates a JWT, which is stored in a cookie with the HttpOnly, Secure and SameSite attributes. HttpOnly keeps the token out of reach of page scripts, which limits token theft through XSS; Secure restricts the cookie to HTTPS connections; and SameSite limits when the browser attaches the cookie to cross-site requests, which mitigates CSRF. The server validates this token on subsequent requests to authenticate users. Tokens can include an expiration time and rely on a refresh mechanism for session renewal. This method supports secure session handling, simplifies API integration, and is well suited to SSR environments, where the server needs the session on the initial request. Supabase's Auth Helpers simplify implementation by automating token management and cookie handling for protected routes.
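The flow described above, sketched with Node's built-in `crypto` module only. This is an added example, not Supabase's or the Auth Helpers' own code. The cookie name `sb-access-token`, the HS256 shared-secret signing and the helper names are assumptions made for illustration.

```javascript
// Added example: cookie name, secret and claims are constructed for illustration.
const crypto = require('node:crypto');

const COOKIE_NAME = 'sb-access-token'; // hypothetical name, not taken from the page
const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Stand-in for the auth server issuing a token (HS256 is an assumption).
function signJwt(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Set-Cookie value carrying the attributes the text lists.
function sessionCookie(token, maxAgeSeconds) {
  return `${COOKIE_NAME}=${token}; Path=/; Max-Age=${maxAgeSeconds}; HttpOnly; Secure; SameSite=Lax`;
}

// Pull the token out of a request's Cookie header.
function tokenFromCookieHeader(header) {
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq > 0 && part.slice(0, eq).trim() === COOKIE_NAME) return part.slice(eq + 1).trim();
  }
  return null;
}

// Server-side check on each request: pinned algorithm, signature, then expiry.
function verifySession(cookieHeader, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const token = tokenFromCookieHeader(cookieHeader);
  if (!token) return { ok: false, reason: 'no-cookie' };
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return { ok: false, reason: 'bad-alg' };
    const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
    const given = Buffer.from(sig, 'base64url');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return { ok: false, reason: 'bad-signature' };
    }
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return { ok: false, reason: 'expired' };
    return { ok: true, claims };
  } catch {
    return { ok: false, reason: 'malformed' };
  }
}
```

An `expired` result is the point at which the refresh mechanism would issue a new token and the server would send a fresh `Set-Cookie`; every other failure reason should be treated as an unauthenticated request.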