
After the login API, I set res.cookie from the server with the flags HttpOnly true, secure true, sameSite: true. The cookie is a JWT token, so I need to read the cookie to get the user data, then dispatch to Redux for login and change the UI.

Cookies in application

I can read any cookie in Next.js, but not in React.js. Any solution for my case? If I cannot set HttpOnly true, does it mean other sites can easily get my cookie? Does the HttpOnly flag really matter?

Any solution? Maybe change my login flow. Thanks

Joyce

1 Answer


Without additional context and the code snippet, it's difficult to pinpoint what you're trying to do.

However, in a client-side app built with React.js, you can't directly access cookies marked with the HttpOnly flag, for security reasons. The HttpOnly flag is designed to prevent client-side JS from accessing cookies, enhancing the security of sensitive info stored in cookies, such as session tokens or auth tokens.

You can send the cookies automatically with each request to the server and have the server validate the cookie and retrieve the necessary info.

Some possible approaches include using an API endpoint, proxying the request, or storing the necessary info on the client side.

Even if other sites cannot directly read your cookies, it is still important to implement additional security measures and best practices to protect sensitive user information and prevent unauthorized access to your application.

You should consider reviewing your login flow. Check this

  • The same answer with my search result. But no problem. I will find a better solution. Thank you – Joyce May 22 '23 at 21:06
  • This answer looks like it was generated by an AI (like ChatGPT), not by an actual human being. You should be aware that [posting AI-generated output is officially **BANNED** on Stack Overflow](https://meta.stackoverflow.com/q/421831). If this answer was indeed generated by an AI, then I strongly suggest you delete it before you get yourself into even bigger trouble: **WE TAKE PLAGIARISM SERIOUSLY HERE.** Please read: [Why posting GPT and ChatGPT generated answers is not currently allowed](https://stackoverflow.com/help/gpt-policy). – tchrist Jul 17 '23 at 01:27