Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions tagged [cookie-httponly]
199 questions
-1
votes
1 answer
Browser doesn't send the HttpOnly cookie when multiple domains are being used for frond-end and backend
I have an angular SPA and .net core 3.1 API to serve the front-end requests.
FE Domain: https://foo.an.fe.mydomain.com:4200 //Also tested in dev environment without port number
API Domain: https://foo.an.api.mydomain.com:5001 //Also tested in dev…
Ash
- 447
- 2
- 6
- 19
-1
votes
1 answer
How to use httpOnly on the client side when using jwt for authentication?
I understand how to set the cookie to be httpOnly on the server side when using express and jwt.
res.cookie("jwt", accessToken, { secure: true, httpOnly: true })
However how can we leverage the httpOnly on the client side to make the authentication…
Waterfr Villa
- 1,217
- 1
- 10
- 33
-1
votes
1 answer
Http-only flag not working on tomcat 6 and servlet 2.5
I want to make my cookie secure and http request only. I've seen many post like this and seem to work fine, but using configuration files and servlet +2.5. What I basically want to do is to set my cookie http only and (if possible) ssl only as well.…
-1
votes
1 answer
Setting cookie_httponly in zend framework doesn't work
I want to enable httponly cookies in my zend based application. In order to do so, I added below line in application.config.php
'cookie_httponly' => true
to existing session_config array and it looks like below
'session_config' => [
// Set the…
Tanu Jain
- 1
- 2