Stack Overflow
Stack Overflow

Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

Related Tags:

129 questions
3
votes
1 answer

Consuming httpOnly cookies from Postman

Is there a way of defining a httpOnly cookie in Postman and send it to the client is requesting it? Thanks in advance for your help. Regards
ESRISM
  • 81
  • 9
3
votes
1 answer

How to know if a cookie is HttpOnly server side

I have an application using Spring Boot where I set a HttpOnly cookie. In the browser I can inspect it and see that it's well set as HttpOnly. With this I avoid the client side from using javascript on it. But, do I have to do anything on the…
Juan Vega
  • 843
  • 1
  • 10
  • 29
3
votes
2 answers

asp.net core session not working , set cookie in response header but not set in browser

I am using sessions to manage application state in ASP.NET CORE and it's configured as below. services.AddSession(options => { options.CookieName = ".my.Session"; options.IdleTimeout =…
noobProgrammer
  • 2,034
  • 2
  • 14
  • 20
3
votes
1 answer

set session cookie secure and httpOnly for LFR_SESSION_STATE_%

Environment : Liferay 6.2 with Jboss We are trying to implement httponly and secure. For this we have dome some changes like below Added in Portal-ext.properties : cookie.http.only.names.excludes= and Added following properties in…
mahesh
  • 779
  • 1
  • 15
  • 37
3
votes
2 answers

Scala: Play Framework 2 ignores httpOnly flag in application.conf

I want to use i18n in my Play-Application (Play 2.1, Scala). The chosen language is stored in the PLAY_LANG-Cookie, but unfortunately this cookie is httpOnly. That means I can't read its value in my JavaScript files. I tried changing the…
user2346275
  • 31
  • 2
2
votes
2 answers

Spring Boot + Angular 9 JWT token store in HTTPOnly Cookie

I am using Spring boot with Angular 9 with STATELESS session implementation. The application is successfully performing login and registration functionality. String boot generates token(JWT) on each and every request of login. After login when I…
Ajay Mishra
  • 21
  • 1
  • 1
2
votes
1 answer

Could not disable HttpOnly flag in browser via ColdFusion

In our application, we use J2EE session variables for session management. We recently migrated from ColdFusion 9 to ColdFusion 2018. After migration, the logout functionality is not working. What we found is that, in ColdFusion 2018, the cookie…
user3742125
  • 557
  • 2
  • 6
  • 26
2
votes
0 answers

Cookie reset on redirects

My app has multiple domains and has a feature that let the user switch to other local site. When a user switch locale he is being redirected between the domains (for each domain the app will set cookie with the same locale settings). At the end of…
Bitmap
  • 96
  • 1
  • 9
2
votes
1 answer

Angular2 httponly cookie not saved when adding custom http headers

I've came to dead end with implementing and handling CORS issues between Angular2 application and Java backend API. I am aware and know what are CORS requests, have implemented already in angular1 apps, but I can't make it work in Angular2 (Ionic2)…
Eagle
  • 103
  • 7
2
votes
0 answers

Using Http-Only Cookie as Jwt Container

I know that many people might not agree with this implementation but I am looking to store a jwt inside a http-only container to prevent javascript access to the token. The .NET application retrieves a Jwt from an Identity Server once a user is…
GWilkinson
  • 97
  • 1
  • 10
2
votes
1 answer

Edit Cookie HttpOnly value

Due to PCI regulations, most cookies in my application need to be secure and httponly. I have achieved that through this line in my Apache config file: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure However this breaks part of the application…
Leia
  • 154
  • 1
  • 11
2
votes
1 answer

Internet Explorer 11 is Not Submitting HTTPOnly Cookies

So I'm working with an application that sends back an ID for the browser to use in future XHRs in an httponly cookie. However, in future requests to the server, this cookie is not being submitted in IE11 on Windows 7. This works in Opera, Chrome,…
joshualan
  • 1,790
  • 6
  • 18
  • 30
2
votes
1 answer

Cookie not set after adding www to cookie domain

I can't get the cookie set in the browser. This happens when I add www to the cookie domain, but can't figure out why. Problem description We have a domain mycompany.com, an application running under mycompany.com and another application under…
mody75
  • 21
  • 3
2
votes
1 answer

Access a secure cookie from a Greasemonkey script?

Is there anyway to access a secure cookie from a Greasemonkey script? I wrote script that uses the document.cookie.split function. It returns a list of cookies but it doesn't included the secure cookie(s).
perlish
  • 45
  • 2
  • 7
2
votes
1 answer

HttpOnly cookie, ajax request and server-side security in a js client application

I have a js client applcation that uses an http-only cookie to store the currently authenticated user's credentials. The application uses the data in the cookie to perform the per-request authentication. However, the application does make ajax…
Ivaylo Slavov
  • 8,179
  • 10
  • 57
  • 103
1
2
3
8 9