Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions related to cookies which should be sent only via HTTP. These cookies are not accessible via JavaScript.
Questions tagged [cookie-httponly]
199 questions
2
votes
0 answers
How EditThisCookie can edit value of Local HttpOnly Cookie from Chrome?
I need to edit locally stored HtppOnly cookies because my java program doesn't have browser capability so that I intent it to browser to view and manage same functions. But now the remote server has been updated and they use HttpOnly cookies (for…
makgun
- 155
- 2
- 8
2
votes
0 answers
Difference between HttpOnly and Signed Cookie
I want to know the difference between an HttpOnly cookie and a Signed cookie.
Note: I am not talking about cookie with a secure flag.
As far as I know, HttpOnly tells the browser that cookie is only accessible by server. And Signed cookie is sent…
Daksh Beniwal
- 61
- 1
- 1
- 3
2
votes
0 answers
Cookie reset on redirects
My app has multiple domains and has a feature that let the user switch to other local site.
When a user switch locale he is being redirected between the domains (for each domain the app will set cookie with the same locale settings).
At the end of…
Bitmap
- 106
- 2
- 9
2
votes
0 answers
Browser removes HttpOnly flag on token cookie set by server
I have a REST service providing JSON data to a JS application. During authentication, the server sets an HttpOnly cookie named token= and sets the HttpOnly flag. The HttpOnly flag is visible in the browser's developer tools.
But, when the JS app…
worldbeater
- 321
- 1
- 4
- 10
2
votes
1 answer
Angular2 httponly cookie not saved when adding custom http headers
I've came to dead end with implementing and handling CORS issues between Angular2 application and Java backend API.
I am aware and know what are CORS requests, have implemented already in angular1 apps, but I can't make it work in Angular2 (Ionic2)…
Eagle
- 103
- 1
- 7
2
votes
0 answers
Using Http-Only Cookie as Jwt Container
I know that many people might not agree with this implementation but I am looking to store a jwt inside a http-only container to prevent javascript access to the token. The .NET application retrieves a Jwt from an Identity Server once a user is…
GWilkinson
- 107
- 1
- 11
2
votes
1 answer
Internet Explorer 11 is Not Submitting HTTPOnly Cookies
So I'm working with an application that sends back an ID for the browser to use in future XHRs in an httponly cookie.
However, in future requests to the server, this cookie is not being submitted in IE11 on Windows 7. This works in Opera, Chrome,…
joshualan
- 2,030
- 8
- 23
- 32
2
votes
1 answer
Cookie not set after adding www to cookie domain
I can't get the cookie set in the browser. This happens when I add www to the cookie domain, but can't figure out why.
Problem description
We have a domain mycompany.com, an application running under mycompany.com and another application under…
mody75
- 21
- 3
2
votes
1 answer
Access a secure cookie from a Greasemonkey script?
Is there anyway to access a secure cookie from a Greasemonkey script?
I wrote script that uses the document.cookie.split function. It returns a list of cookies but it doesn't included the secure cookie(s).
Hadi
- 130
- 2
- 8
2
votes
1 answer
HttpOnly cookie, ajax request and server-side security in a js client application
I have a js client applcation that uses an http-only cookie to store the currently authenticated user's credentials. The application uses the data in the cookie to perform the per-request authentication.
However, the application does make ajax…
Ivaylo Slavov
- 8,839
- 12
- 65
- 108
1
vote
2 answers
Missing HTTPOnly Cookies at HTTP Request from child iFrame or pop-up window
Browser (Chrome) doesn't set HttpOnly cookies from child iframe or pop-up window
I have a parent webpage with a child iframe:
Parent at https://sub1.some-domain.com
Child at