Questions tagged [session-cookies]

Session cookies enable a server and a browser to establish an identified connection (through cookies) and communicate through it.

Session cookies are temporary files that exist for a particular user for a pre-defined duration. Once this duration is expired, the session cookies are erased.

Session cookies allow a website to keep a state or memory of the visitor as they navigate between pages of the website.

4816 questions
34 votes, 4 answers

Client only cookies - cookie which doesn't ever go to the server

I want to store user-clicked data in a cookie which never has to go to the server. It's like a session-added data, which I want to persist over sessions, as in the data just keeps adding to the cookie, and it is stored for a long time, and only gets…
Siva Bathula
33 votes, 8 answers

Set httpOnly and secure on PHPSESSID cookie in PHP

What's the recommended way to set httponly and secure flags on the PHPSESSID cookie? I found http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-httponly. Any better suggestions? Thanks
Steve
33 votes, 6 answers

This Set-Cookie didn't specify a "SameSite" attribute and was default to "SameSite=Lax" - Localhost

I'm a front-end developer working on an application where the login/ response put a Session-Cookie on the client. The later request will be authorized since the user "logged in". Starting from Chrome 80 All cookies without a SameSite attribute will…
Gil Epshtain
32 votes, 4 answers

How do I create persistent sessions in PHP?

I used session_start() to initiate a session in PHP, but when my browser closes, the session is gone. How do I use PHP to create persistent sessions that last across browser closes?
John Hoffman
31 votes, 3 answers

Set cookie for domain instead of subDomain using NodeJS and ExpressJS

I have been using expressjs and mongostore for session management. Following is the code to configure store in expressjs, app.configure(function(){ app.use(express.session({ secret: conf.secret, maxAge: new Date(Date.now() +…
Raja
31 votes, 3 answers

Cookies vs Basic Auth

Why are almost all websites out there using cookies instead of basic auth? It can't be only that the user/pass window is ugly and none of them is more secure. They are both insecure (without https).
loxs
30 votes, 4 answers

Forcing Tomcat to use secure JSESSIONID cookie over http

Is there a way to configure Tomcat 7 to create JSESSIONID cookie with a secure flag in all occasions? Usual configuration results in Tomcat flagging session cookie with secure flag only if connection is made through https. However in my production…
Krešimir Nesek
29 votes, 2 answers

What is the difference between cookie and cookiejar?

Today I faced the term "cookiejar" (package net/http/cookiejar). I tried to gather some information regarding it, but nothing intelligible came out. I know that cookie is key/value pairs that server sends to a client, eg: Set-Cookie: foo=10,…
Timur Fayzrakhmanov
29 votes, 11 answers

phpmyadmin token mismatch for long time idle

I installed phpMyAdmin 4.0.4.1 on my local development environment, I set auth_type to config. Also I provide authentication requirements by these settings: $cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['host'] =…
Arash Mousavi
28 votes, 1 answer

Switching between HTTP and HTTPS pages with secure session-cookie

Update: Note that every website switching between unsecure HTTP and encrypted HTTPS pages, is inevitably prone to SSL-strip. Please think about using HTTPS for the whole site, although this neither can prevent SSL-strip, at least this gives the…
martinstoeckli
28 votes, 3 answers

Postman: How do you delete cookies in the pre-request script?

All the postman cookie-management answers I've seen refer to either the browser extension (open chrome, delete cookies viz interceptor etc) or with the app, using the UI to manually manage cookies. I would like to delete certain cookies in my…
K5 User
28 votes, 3 answers

Tomcat 7 sessionid cookie disable http-only and secure

I have a web application which is running on a Tomcat 7 server. The cookie with session id has by default the flags HttpOnly and Secure. I want to disable these flags for the JSESSIONID cookie. But it won't work. I have changed this in my web.xml file…
JEE-Dev
27 votes, 2 answers

fetch() cannot set cookies received from the server?

I am using Express.js server. With cookie-parser I have opened this endpoint app.get("/s", (req,res) => { res.cookie("bsaSession", req.session.id) res.send("set cookie ok") }) When I manually use the browser to http://localhost:5555/s where…
5argon
27 votes, 2 answers

ExpressJS session expiring despite activity

Bringing this question to SO since the express group didn't have an answer. I'm setting the session maxAge = 900000 and I see that the expires property on the session cookie is set correctly. However, on subsequent requests the timeout is not…
jckdnk111
26 votes, 7 answers

How to tell PHP to use SameSite=None for cross-site cookies?

According to the article here https://php.watch/articles/PHP-Samesite-cookies and PHP documentation at https://www.php.net/manual/en/session.security.ini.php, there are only 2 possible config options for this new feature, added in PHP…
Dane Iracleous