0

I have generated and set cookie at frontend itself (React JS) using js-cookie library which was working fine until I was using it with httpOnly set as false. Now, my condition is set httpOnly as true but I'm not able to achieve this because I found on internet that if we will set the cookie with httpOnly = true then I will not able to get the cookie using javascript (viz. React JS) which is just a feature of httpOnly cookie.

  1. I searched and found one related library called "react-cookie" can be found https://www.npmjs.com/package/react-cookie but with this library also I don't know how my javascript will able to get the cookie.
  2. Also, I found somewhere that we can use express server as middleware between actual processing server and we can set and get our secured cookie at express server but I would be large task to switch at this stage.

Can anyone suggest me some other better approach to set and get my cookie with httpOnly set as true using react js. All the suggestions are welcomed! Thanks in advance.

Balram Chauhan
  • 171
  • 1
  • 2
  • 14
  • You either want to access the cookie from JS **or** set it to HTTP-only. Trying to do both makes no sense. – jonrsharpe Aug 25 '20 at 14:29
  • yes @jonsharpe, you are right here but how should I manage this now beacuse my frontend is on react js and I have implement secured cookie. – Balram Chauhan Aug 25 '20 at 15:31

1 Answers1

0

You should set httpOnly to in the backend, also no need to send cookie by each request because it's included in every request. also to work in react app you should set sameSite to "None", secure to true along with httpOnly to true

Mohammad Momtaz
  • 545
  • 6
  • 12