Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

129 questions
65
votes
4 answers

Laravel 5.6 - Passport JWT httponly cookie SPA authentication for self consuming API?

NOTE: I had 4 bounties on this question, but none of the upvoted answers below are the answer needed for this question. Everything needed is in Update 3 below, just looking for Laravel code to implement. UPDATE 3: This flow chart is exactly the flow…
Wonka
  • 5,762
  • 17
  • 59
  • 108
28
votes
3 answers

Tomcat 7 sessionid cookie disable http-only and secure

I have a web application which is running on a Tomcat 7 server. The cookie with session id has by default the flags HttpOnly and Secure. I want to disable these flags for the JSESSIONID cookie. But it won't work. I have changed this in my web.xml file…
JEE-Dev
  • 281
  • 1
  • 3
  • 5
21
votes
1 answer

How to delete cookie with HttpOnly using PHP or JS

I have a cookie with these parameters: Name: workgroup_session_id Content: "" Domain: agrobman1.tsi.lan Path: / Send for: Any kind of connection Accessible to script: No (HttpOnly) Created: Wednesday, November 4, 2015 at 9:31:58…
anton2g
  • 743
  • 5
  • 9
  • 26
21
votes
8 answers

Setting an httponly cookie with javax.servlet 2.5

Here is a function that sets a cookie: public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) { Cookie cookie = new Cookie(cookieName, cookieValue); cookie.setPath("/mycampaigns"); …
aamiri
  • 2,260
  • 4
  • 31
  • 57
20
votes
1 answer

Logout with HttpOnly cookie

I can see that HttpOnly cookies are good for security, however they make logging out without server interaction impossible, right? So when the network fails, you can't log out and leave. I can imagine a workaround, but I'd like to ask first does…
maaartinus
  • 40,991
  • 25
  • 130
  • 292
9
votes
2 answers

How to set an HTTPONLY cookie in Flask

I read Set "secure" attribute for Flask cookies, but it's for setting secure cookies, but I'm trying to set HTTPONLY cookies. They both are kind-of-secure cookies, but differ in specs (read more). The cookie needs to be protected because it is about…
이기름
  • 107
  • 1
  • 7
8
votes
1 answer

HttpOnly cookies not sent by request

I want to use HttpOnly cookies and I set it in Java as follows: ... Cookie accessTokenCookie = new Cookie("token",…
István
  • 4,465
  • 9
  • 32
  • 60
8
votes
2 answers

Do Mobile Browsers send httpOnly cookies via the HTML5 Audio-Tag?

I try to play some mp3 files via the html5 audio-tag. For the desktop this works great (with Chrome), but when it comes to the mobile browsers (also Chrome (for Android)), there seem to be some difficulties: I protected the stream with some password…
JepZ
  • 933
  • 12
  • 24
7
votes
1 answer

Javascript won't set httpcookie received in XHR response

I have a basic SPA (react) <-> API (net core 2.2) setup, with 2 environments: dev and prod (small project). There is an authentication mechanism on the API side that checks the presence of a httponly cookie in every request containing a JWT. On the…
5
votes
0 answers

ASP.NET HttpOnly cookie in web.config not working

From everything I've read online, a web.config like this should enable HttpOnly cookies, in ASP.NET 2.0. However this is not working. ... Is…
jmosesman
  • 706
  • 1
  • 11
  • 23
4
votes
0 answers

HttpOnly cookie and XSRF-TOKEN in angular js

I have an angular js web application with play framework as server side. I am using Google plus sign-in button to authenticate users. I need to authenticate all my ajax calls in the server side. After going through documentation that's available on…
DBS
  • 714
  • 1
  • 7
  • 19
4
votes
1 answer

Why is request.getsession() not returning the same session

I am developing a single page web application. I have included a java filter to intercept the html page request. So in this filter I am creating a session using request.getSession(). And then I am setting the JSESSIONID cookie explicitly as I have…
tiger
  • 643
  • 6
  • 17
4
votes
1 answer

is HTTP only attribute setting missing in jboss7?

I used the following steps with JBOSS5 and 6, but these are not applicable to JBOSS 7: - change server/CONFIG/deploy/jbossweb.sar/context.xml - add As I found solution for jboss7, Add the http-only…
bNd
  • 7,168
  • 4
  • 35
  • 69
3
votes
1 answer

How to use http only cookie with django rest framework?

I read about some of the issues related to storing jwt token in local storage that's why I am trying to store token in http-only cookie. I am using following approach. from rest_framework.views import APIView from rest_framework.response import…
3
votes
1 answer

httpOnly cookie in react-native for JWT refresh-token

I have an express-node server. I send JWT access token in response and also a JWT refresh token via httpOnly cookie only. When using it in browser, that refresh token is automatically sent with every subsequent request. But when I tried to use…