Questions tagged [httponly]

HttpOnly is a flag in the cookie header to hide data from JavaScript

HttpOnly is a flag in the cookie header, indicating that the browser should hide this cookie from JavaScript and only use it for HTTP and HTTPS requests.

Important Note

HttpOnly just makes exploiting XSS vulnerabilities a little more difficult. It does not provide protection against XSS.

294 questions
0
votes
2 answers

httponly cookie web 3.0 causing unexpected timeout

Just recently, I migrated from web 2.4 to web 3.0. One of the requirements of this migration was that I need to introduce the 'httponly' cookie in my application. So, I added the following sessionconfig element to my…
user1066568
-1
votes
0 answers

Get access token from HttpOnly cookie for server side request with getServerSideProps

So, I've been working on a project using nextjs for frontend and django for backend. I'm also using HttpOnly cookies for my access and refresh tokens that I'm setting from my django backend. So, the thing is, if I send my requests on the client side…
LucyFord
-1
votes
1 answer

How to read HttpOnly cookies in ReactJs? NextJs can read HttpOnly cookies via the middleware.ts file. Does it mean other sites can easily get my cookies?

After login api I set res.cookie from server with flag HttpOnly true, secure true, samesite: true. Cookie is a jwt token so I need to read the cookie to get user data, then dispatch to Redux for login and change UI. Cookies in application I can read…
Joyce
-1
votes
1 answer

Express to express - How can an httpOnly cookie be forwarded?

When the frontend (A) is hitting the backend for /login, The backend ExpressJs (B) responds with a httpOnly cookie by doing: ctx.res.cookie('auth-token', jwt.sign({ userId: userId }, APP_SECRET, { expiresIn: 100000 }), { httpOnly: true, …
Alan
-1
votes
1 answer

exclude regular expression

I have a regular expression for the HttpOnly configuration: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure For Appdynamics EUM, I want to exclude from this regular expression everything that begins with "ADRUM" (without quotes). How can I proceed…
Ludovic LACHEVRE
-1
votes
1 answer

ASPSESSIONID missing HTTPONLY attribute for classic ASP

I am trying to find a way to enable HTTPONLY on the ASPSESSIONID cookie that is auto generated for classic ASP sites. I know that .NET 2.0+ sites have the ASP session cookie defaulted to HTTPONLY, but I need to get this configured for classic ASP. I…
user1903219
-1
votes
4 answers

Get HttpOnly cookies with JavaScript

Do you know of any way to get access to HttpOnly cookies using JavaScript? I know that the point of those cookies is that you won't be able to get them this way (for security reasons). But still, is there absolutely no way to achieve this? Hasn't…
user1094565
-2
votes
0 answers

Clear httponly cookie from Angular

I have an Angular app (version 5) where I have an HTTP-only cookie passed from the server on successful authentication, that I need to clear. I have tried methods using ngx-cookie-service such as this cookies.delete(cookie name),…
rag
-2
votes
1 answer

PHP session not working after setting secure httponly

Friends, I have a testing web server with Apache 2.2, with valid SSL certificate and PHP sessions are working fine on it. As part of security recommendations I have set Header set Set-Cookie HttpOnly;Secure entry in httpd.conf the sessions are not…
Sam