Stack Overflow
Stack Overflow

Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

Related Tags:

199 questions
4
votes
1 answer

Consuming httpOnly cookies from Postman

Is there a way of defining a httpOnly cookie in Postman and send it to the client is requesting it? Thanks in advance for your help. Regards
ESRISM
  • 101
  • 1
  • 10
4
votes
2 answers

How to configure httponly and secure flag in .net core 2.0?

There is no error But I am unable to configuration httponly status in browser. Can you check my code please. public void ConfigureServices(IServiceCollection services) { services.AddDistributedMemoryCache(); services.AddMvc(); …
Raju Pandey
  • 81
  • 1
  • 1
  • 3
4
votes
1 answer

How to know if a cookie is HttpOnly server side

I have an application using Spring Boot where I set a HttpOnly cookie. In the browser I can inspect it and see that it's well set as HttpOnly. With this I avoid the client side from using javascript on it. But, do I have to do anything on the…
Juan Vega
  • 1,030
  • 1
  • 16
  • 32
4
votes
0 answers

HttpOnly cookie and XSRF-TOKEN in angular js

I have an angular js web application with play framework as server side. I am using Google plus sign-in button to authenticate users. I need to authenticate all my ajax calls in the server side. After going through documentation that's available on…
DBS
  • 794
  • 2
  • 9
  • 21
4
votes
1 answer

Why is request.getsession() not returning the same session

I am developing a single page web application. I have included a java filter to intercept the html page request. So in this filter I am creating a session using request.getSession(). And then I am setting the JSESSIONID cookie explicitly as I have…
tiger
  • 653
  • 7
  • 18
4
votes
1 answer

is HTTP only attribute setting missing in jboss7?

I used the following steps with JBOSS5 and 6, but these are not applicable to JBOSS 7: - change server/CONFIG/deploy/jbossweb.sar/context.xml - add As I found solution for jboss7, Add the http-only…
bNd
  • 7,512
  • 7
  • 39
  • 72
3
votes
3 answers

How to redirect if login is successful?

How to redirect from login page if login is successful? I'm using HTTPOnly Cookie for user authentication. With the code below i'm able to redirect to home page if user logs in with their credentials. Nevertheless, if the user enters incorrect…
AndresM
  • 61
  • 3
3
votes
0 answers

Laravel / SvelteKit sending serverside request with Cookie header

I am making authentication with SvelteKit and Laravel. This is the flow i currently have: User logs in with correct credentials. User login route has no middleware enabled on the Laravel side. This login request returns a JWT token, which gets…
Gobbin
  • 530
  • 3
  • 17
3
votes
2 answers

How does httpOnly prevent from malicious package to steal the content in it?

If for example, an installed third party package issues an HTTP request to their servers, and by default, any HTTP request leaves with the cookies content in the request headers, doesn't it make the content to be exposed to the server who receives…
Raz Buchnik
  • 7,753
  • 14
  • 53
  • 96
3
votes
0 answers

Cross Origin httponly cookie with nodejs and fetch

I have a question regarding a cross origin httponly cookie, I have created a very simple express example const express = require("express"); const cookieParser = require("cookie-parser"); const app = express(); const port =…
Mehdi Amenein
  • 937
  • 9
  • 23
3
votes
1 answer

Could not disable HttpOnly flag in browser via ColdFusion

In our application, we use J2EE session variables for session management. We recently migrated from ColdFusion 9 to ColdFusion 2018. After migration, the logout functionality is not working. What we found is that, in ColdFusion 2018, the cookie…
user3742125
  • 617
  • 2
  • 9
  • 31
3
votes
2 answers

asp.net core session not working , set cookie in response header but not set in browser

I am using sessions to manage application state in ASP.NET CORE and it's configured as below. services.AddSession(options => { options.CookieName = ".my.Session"; options.IdleTimeout =…
noobProgrammer
  • 2,884
  • 3
  • 17
  • 20
3
votes
1 answer

set session cookie secure and httpOnly for LFR_SESSION_STATE_%

Environment : Liferay 6.2 with Jboss We are trying to implement httponly and secure. For this we have dome some changes like below Added in Portal-ext.properties : cookie.http.only.names.excludes= and Added following properties in…
mahesh
  • 909
  • 2
  • 18
  • 37
3
votes
2 answers

Scala: Play Framework 2 ignores httpOnly flag in application.conf

I want to use i18n in my Play-Application (Play 2.1, Scala). The chosen language is stored in the PLAY_LANG-Cookie, but unfortunately this cookie is httpOnly. That means I can't read its value in my JavaScript files. I tried changing the…
user2346275
  • 31
  • 2
2
votes
0 answers

How can i get cookie on server side server/api on page reload Nuxt 3

Hi I am using Nuxt 3 I am trying to set and get cookie on server/api. I have two pages index.vue and about.vue and two server/api files setcookie.get.js and getcookie.get.js. In the index.vue making request to /api/setcookie on a button click to set…
Johnny
  • 21
  • 3
1
2
3
13 14