Stack Overflow
Stack Overflow

Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

Related Tags:

199 questions
0
votes
1 answer

Set-Cookie header not being passed with Azure Functions

I am trying to write an Azure Function which will set a HttpOnly cookie in the user's browser but it is not working. In Postman I can see the Set-Cookie header in the response, but this header is omitted when testing the function in the…
L. O'Shea
  • 75
  • 1
  • 10
0
votes
1 answer

How to make a "logout all" feature using HttpOnly cookies?

Is there any way to remove or expire the httpOnly cookie stored in the client when reaching the server from another client (e.g. 2 different browsers)? I want to create a "logout all" button that logs out the user from every device, by now I'm…
lucas.mdiniz
  • 95
  • 1
  • 7
0
votes
0 answers

Automatically refresh access token with laravel passport

When issuing access and refresh tokens I send them to the frontend with httpOnly = true. I made a middleware class which checks if the access token has expired and if the refresh token hasn't expired. If both are the case I call the oauth/token…
Ezrab_
  • 825
  • 5
  • 19
  • 44
0
votes
2 answers

Is it possible to set nginx Response cookies to http only without needing to rebuild?

The intended production environment will be utilising an AWS EKS nginx ingress controller so it would be preferable to not require a bespoke build of nginx. For local development the docker image https://hub.docker.com/r/lautre/nginx-cookie-flag has…
djamey
  • 11
  • 1
  • 4
0
votes
1 answer

How to append HttpOnly flag in the existing Set-Cookie response header with Angular UI and .net framework WebApi

I have an application with Angular as the Front end and .net framework 4.7 C# web api as the server side. This is hosted in IIS 10. Now our customer wants to add HttpOnly Flag in the Set-Cookie in the Response Header. When i check the Response…
Arun vv
  • 31
  • 1
  • 4
0
votes
1 answer

How do I access a httponly cookie (set by the client) on the server?

I have a Single Page Application built with React and ASP.NET Core 2.1 WebAPI on the backend. I am switching to storing auth0 tokens from localstorage to httponly cookies and have trouble accessing the auth0 token stored in an httponly cookie(set by…
RAS
  • 33
  • 1
  • 6
0
votes
0 answers

How to access parent application HttpOnly Cookie from a child angular 7 app

--Parent c# App hosted on (http://host) --Child Angular 7 App hosted on (http://host/child) I need to check for a cookie in parent application. I used 'ngx-cookie-service', it does not return the HttpOnly cookie. Is there anyway to access the…
Kannan M
  • 570
  • 2
  • 6
  • 19
0
votes
1 answer

How to extract httponly cookies from UWP WebView?

I know there are techniques to retrieve WebView cookies via HttpBaseProtocolFilter.CookieManager which is shared between WebView and HttpClient at least withing the borders of the same applications. However it does not give access to httponly…
Alex
  • 655
  • 1
  • 8
  • 16
0
votes
1 answer

Problems using ajax to access secure and httponly cookies from javascript

My website had no security on cookies and some cookies were set by javascript. For security reasons, I had to add secure and httponly flags and so to adapt my javascript. The only way I found was to use ajax. I wrote a php script called by…
Schonke
  • 11
  • 5
0
votes
1 answer

The behaviour of HttpOnly cookie on aspx

I did an HttpOnly cookie using the article: https://learn.microsoft.com/pt-br/dotnet/api/system.web.httpcookie.httponly?view=netframework-4.7.2 the creation of HttpOnly cookie is the following: // Create an HttpOnly cookie. HttpCookie…
felipe
  • 1,212
  • 1
  • 15
  • 27
0
votes
1 answer

'HttpOnly' should be added to 'auth' cookie

I've recently had a security audit on my website and was informed I need to apply 'HttpOnly' to my 'auth' cookie. I have no idea how to change this in the web.config file. The site is ASP.NET MVC. I'd appreciate it if someone could point me in the…
QBALL777
  • 15
  • 4
0
votes
1 answer

Insecure HTTP cookies

Morning good people. I have question related to HTTP Cookies, there is a way or tools that we can know our cookies have flag(s) Secure, HttpOnly? Thank you
Sahala Riyadi
  • 11
  • 1
0
votes
1 answer

create httpOnly cookie in Angular and Django

Am building an app using Django as the backend and Angular as the frontend. I understand that saving authentication token in httpOnly cookies is the safest, great. The real question is how do i do that. Been hearing around that i will need something…
phacic
  • 1,402
  • 1
  • 14
  • 21
0
votes
2 answers

SonarQube - Cookie not sent over SSL (CWE 614) (HttpOnly)

We're implementing SonarQube in our environment running behind an IIS proxy for HTTPS connection. After running a security scan on the application (HP Fortify), it came back with some cookie security issues, Specifically as follows: Cookie Security:…
lapfrank
  • 11
  • 4
0
votes
1 answer

Django SESSION_COOKIE_HTTPONLY set but the HttpOnly flag does not show up on cookies

I've set this variable in the settings file like this: SESSION_COOKIE_HTTPONLY = True but when I open the website with Google Chrome HttpOnly does not show up in set-cookie. My webserver is Apache2.4, and the website is using Https protocol.
Navid777
  • 3,591
  • 8
  • 41
  • 69
1 2 3
13 14