Questions tagged [cookie-httponly]

Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.

199 questions
2
votes
1 answer

Is storing JWT access token in app memory or both in httpOnly cookies?

I've always been under the impression that storing both of these tokens in an httpOnly cookie is secure enough, but lately I've been reading that some people only store the refresh token in the cookie, and since the accessToken is short-lived, they store it…
2
votes
1 answer

How do I validate a JWT that's sent as an HttpOnly cookie in FastAPI?

Problem I'm working on a FastAPI application that requires authentication for certain endpoints to be reached by users. I'm using Oauth2 and Jose from FastAPI to create JWTs for my authentication process. After doing some research, it seems that the…
2
votes
1 answer

Browser Cookie never expires

I'm implementing a login auth with an HttpOnly cookie for the first time. In my case, the cookie is created when the user calls the login method in a Python service with fastapi and uvicorn. I've read the MDN documentation to implement the expires property and…
amelian
2
votes
1 answer

Spring-security - httponlycookie into existing jwt integration?

I have been told it is insecure to just use JWT without HttpOnly cookie when using a separate frontend-service. As suggested here: http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/ HttpOnly…
ABpositive
2
votes
1 answer

Laravel Sanctum API httpOnly cookie 'has been rejected for invalid domain'

I have a Laravel 9 api only installation. Login/Logout and any other api routes are working as they should. I'm trying to set a httpOnly cookie on login for use with my ReactJS frontend but it is getting rejected for invalid domain. The cookie will…
tafn3t
2
votes
1 answer

Can't set cookie when CORS request comes from iPhone. Works for windows and mac users

The Setup / Environment Client: (React.js, vs code, axios) POST request to backend server to set auth cookie. On every refresh I'll verify the cookie by a GET request to the auth backend server. Every axios call is done with the…
Hannes
2
votes
2 answers

Is it possible to set an HttpOnly Cookie from one domain to another subdomain

I originally posted this question here: https://security.stackexchange.com/questions/255737/is-it-possible-to-set-an-httponly-cookie-from-one-domain-to-another-subdomain Please keep in mind that this question is specific to cookies with the HttpOnly…
2
votes
0 answers

Sending http only cookie in Authorization header django-rest-framework

I'm building a rest API using django-rest-framework with auth implementation with django-rest-knox and I want to store the token in an http only cookie with a React frontend. So I've used this code: from django.contrib.auth import login from…
2
votes
1 answer

Cookies.get() is undefined

EDIT: it works / I can get the cookie's value when httpOnly = false. Why? I'm using the js-cookie package. When I open the Chrome dev tools, there is a cookie token, but when I'm using Cookies.get('token'), the result is undefined. and using Cookies.get()…
Zulfikar Ahmad
2
votes
1 answer

How to get hold of a http-only cookie value in Next.js?

I am developing a web app using Next.js and I used HTTP-only cookies to manage authentication. I set a cookie called token using the following code. I used an npm package called cookie for this res.setHeader( "Set-Cookie", …
2
votes
0 answers

NextJS is not including my HttpOnly Cookie provided by .NET Core Webapi

I'm having a problem where my nextjs application is not passing through the HttpOnly cookie created by my backend. In my login mechanism I provide the cookie by the following code. (Backend) Response.Cookies.Append("jwt", mytoken, new…
JeffreyM
2
votes
1 answer

How can I create secure/httpOnly cookies with document.cookie?

If I create the function: function setCookie(name, value) { // this works: // document.cookie=name + "=" + escape(value) + "; path=/;"; // this does not: // document.cookie=name + "=" + escape(value) + "; path=/; secure;…
simlpymarkb
2
votes
0 answers

How to set cookie in my custom authentication view( django-rest-framework-simplejwt)?

After login, access and refresh tokens are set in an httponly cookie. So I create a CustomAuthentication (inherited from JWTAuthentication) view to get the httponly cookie. If the access token is invalid at that time, InvalidToken error except (see my below code) then…
2
votes
2 answers

Django REST: How do I return SimpleJWT access and refresh tokens as HttpOnly cookies with custom claims?

I want to send the SimpleJWT access and refresh tokens through HttpOnly cookie. I have customized the claim. I have defined a post() method in the MyObtainTokenPairView(TokenObtainPairView) in which I am setting the cookie. This is my code: from…
2
votes
2 answers

Spring Boot + Angular 9 JWT token store in HTTPOnly Cookie

I am using Spring Boot with Angular 9 with STATELESS session implementation. The application is successfully performing login and registration functionality. Spring Boot generates token (JWT) on each and every request of login. After login when I…
Ajay Mishra