Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

129 questions
1 vote, 0 answers

How to set cookie in my custom authentication view (django-rest-framework-simplejwt)?

After login, access and refresh tokens are set in an httponly cookie. So I create a CustomAuthentication (inherit from JWTAuthentication) view to get the httponly cookie. If the access token is invalid at that time, an InvalidToken error is raised (see my code below) then…
1 vote, 1 answer

Django REST: How do I return SimpleJWT access and refresh tokens as HttpOnly cookies with custom claims?

I want to send the SimpleJWT access and refresh tokens through HttpOnly cookie. I have customized the claim. I have defined a post() method in the MyObtainTokenPairView(TokenObtainPairView) in which I am setting the cookie. This is my code: from…
1 vote, 0 answers

How to set httponly-cookie in react production without chrome settings via Express.js

Chrome does not store the cookie we set on the server side unless the settings are set in Chrome. If the user has disabled the Chrome browser setting for cookies, the authentication system I made with the http only cookie does not work for users, I…
1 vote, 1 answer

How do I delete a HttpOnly Cookie on the client?

I have a website that, when a user logs in, creates an Access token which is stored in memory and a Refresh token that is stored in an HttpOnly cookie. When a user logs out I want to delete the HttpOnly cookie. However, since it's HttpOnly I am not…
BaraKanske
1 vote, 1 answer

How to manage and send httpOnly stored jwt cookies within React and Axios

I'm actively trying to gain knowledge on httpOnly cookies and found lots of articles on why we should use them. But I haven't seen any practical example of how to work with it. From a few trials and errors, I came to know that we can't set…
1 vote, 1 answer

How does HttpOnly cookie protect against XSS/Injection attack if they are passed automatically with every request?

From what I understand, HttpOnly cookies cannot be read by client JS but they are passed by the browser with any subsequent requests. If an attacker is able to inject JS into a web page and makes a request to the endpoint, it would still go through…
Aravind
1 vote, 0 answers

FrontEnd doesn't send httpOnly cookies

I send httpOnly Cookies to my frontend as following res.cookie('refreshToken', tokens.refreshToken, { httpOnly: true, secure:process.env.NODEENV ==='DEV'?false:true, expires:new Date(Date.now() +…
1 vote, 0 answers

How EditThisCookie can edit value of Local HttpOnly Cookie from Chrome?

I need to edit locally stored HttpOnly cookies because my Java program doesn't have browser capability, so I intend to use the browser to view and manage the same functions. But now the remote server has been updated and they use HttpOnly cookies (for…
makgun
1 vote, 0 answers

Difference between HttpOnly and Signed Cookie

I want to know the difference between an HttpOnly cookie and a Signed cookie. Note: I am not talking about cookie with a secure flag. As far as I know, HttpOnly tells the browser that cookie is only accessible by server. And Signed cookie is sent…
Daksh Beniwal
1 vote, 0 answers

Why am I able to update HttpOnly cookie?

I'm setting a cookie to HttpOnly in the Node layer of an Express + VueJS application before the response from the user login endpoint is dispatched as follows: res.cookie('ms-sso', response.session.token, { httpOnly: true }) Based on going to…
Adam Freymiller
1 vote, 0 answers

How to block ui while file download in asp.net C# without using cookie?

I have httponlycookie set to true in web.config, so the server-side cookie is not accessible in JavaScript to unblock the UI. Is there any option to block the UI without using a cookie value? Block and unblock UI code: function blockUIForDownload() { …
Anusuya
1 vote, 1 answer

HttpOnly cookie can be accessed in a node client?

I'm new to node and going through some tutorials. I've got a simple node server running this code: // SERVER CODE const http = require('http'); const Cookies = require('cookies'); const port = 3000; const requestHandler = (request, response) => { …
joshualan
1 vote, 0 answers

Browser removes HttpOnly flag on token cookie set by server

I have a REST service providing JSON data to a JS application. During authentication, the server sets an HttpOnly cookie named token= and sets the HttpOnly flag. The HttpOnly flag is visible in the browser's developer tools. But, when the JS app…
worldbeater
1 vote, 0 answers

AWS Application controlled Stickiness cookies in .NET

Does anyone have .NET implementation using AWS application controlled stickiness cookies? I have LB generated stickiness cookies [usually it's named as "AWSELB"] which does not support HttpOnly Secure flag. For security reasons, I need to change…
1 vote, 0 answers

Why are browsers not displaying HttpOnly flag?

ASP.NET session cookies are HTTP only, regardless of the httpOnlyCookies setting linked to in your question, because this is burned into ASP.NET. You can't override this. Source: Accepted answer at How is HttpOnly get set for ASP.NET_SessionId…
Nikhil Vartak