1 vote
0 answers
121 views

I’m setting an HttpOnly cookie in the browser every time a user logs in or signs up on my website. This cookie contains a refresh token that I use to get a new access token. The problem is that the ...
Mohamed El_Brabary's user avatar
0 votes
0 answers
47 views

This is my nodejs server socket.io code: const io = new Server(server, { cors: { origin: "*", // Allows connections from any origin methods: ["GET", "POST"] // ...
yeln's user avatar
  • 757
0 votes
0 answers
142 views

I’m building an app where my backend is a Laravel API (running on http://localhost:8000) and my frontend is a Next.js 15 app (running on http://localhost:3000). I want to store the Sanctum token ...
Lana Hanna's user avatar
0 votes
0 answers
126 views

I have a React web app that I’m running inside a Capacitor container. The backend issues an HttpOnly cookie (refresh_token) for authentication. When I test in a normal browser, everything works: ...
Bear Bile Farming is Torture's user avatar
0 votes
1 answer
144 views

I have Spring Cloud Gateway in my microservice application with HttpOnly to secure the handling of tokens. I implemented a GlobalFilter to get tokens from the cookies and add it in the header of the ...
ousmane MBINTE's user avatar
0 votes
1 answer
339 views

I'm currently using AddMicrosoftIdentityWebApi for authentication with Microsoft Entra ID in my ASP.NET Core Web API. services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme) ....
nop's user avatar
  • 6,637
0 votes
1 answer
75 views

I have frontend running at https://fe-qa.mydomain.com and backend at https://qa.mydomain.com. In the Chrome Dev Tools under Network, I can see that when frontend calls https://qa.mydomain.com/foo/bar2,...
jjrz's user avatar
  • 379
1 vote
0 answers
97 views

I'm working on a web application where the client app runs on one domain (e.g., https://client.example.com) and needs to make API calls to a different domain (e.g., https://api.somedifferentdomain.com)...
sham999's user avatar
  • 139
0 votes
1 answer
178 views

EDIT: Incorrect question. I was getting only an empty object at the backend due to misconfiguration. I thought it was a part of HTTP-ONLY to make cookies inaccessible. (I cannot delete the question) ...
sanaaa's user avatar
  • 47
0 votes
1 answer
131 views

When implementing API authentication using JWTs, most standards (like OAuth 2.0 and OpenID Connect) recommend placing the token in the Authorization header, using the Bearer scheme. However, I’m ...
ahmadsab's user avatar
0 votes
1 answer
464 views

I'm trying to remove an httpOnly cookie that I set on the server side of my Next.js project, but I can't remove it at all. I don't get any errors. I tried to use a route handler so that I can remove it ...
Arash Forghanbin's user avatar
0 votes
1 answer
84 views

I'm building a web application with an ASP.NET Web API backend and a Vue.js frontend. I've implemented JWT authentication and am storing the access token in an HTTPOnly cookie for security reasons. ...
Nikusha Gabidzashvili's user avatar
-1 votes
1 answer
99 views

I am trying to create authentication for an admin panel using JWT tokens and HTTP-only cookies with Express.js. When I send a request from the frontend, it gives a successful response but doesn’t ...
Muhammad Ahmed's user avatar
0 votes
1 answer
241 views

I have a backend in ASP.NET Core that handles authorization with JWT tokens. This backend may interact with different clients. To some of them (browser, compliant lib...) it will send a secure ...
pierre.b's user avatar
  • 303
0 votes
0 answers
60 views

I'm working on a Django REST Framework project with JWT authentication. I'm trying to implement a token refresh mechanism using HTTP-only cookies, but I'm having trouble receiving the refresh token ...
Lord Konadu Kweku's user avatar
0 votes
1 answer
226 views

I'm using Laravel Passport and I'm trying to convert my code from using tokens stored in the localhost to using httponly cookies. I followed this documentation: https://laravel.com/docs/5.8/passport#...
JRC's user avatar
  • 1
0 votes
1 answer
177 views

I am currently building an app using following stack: Next.js Node.js, Express.js PostgreSQL. I build an authentication using JWT HTTPOnly cookie. Below is my code to how I do login, logout and verify ...
Scorpion King's user avatar
0 votes
0 answers
143 views

I am trying to authenticate with HTTP-only cookies. My front end is Vue 3 and my backend is Laravel. I am successfully logging in. My login function is public function login(Request $request) ...
Azay Karimli's user avatar
0 votes
0 answers
32 views

For some reason when I login it doesn't set cookie session for client to access content Expressjs app setup: const app = express(); app.use(express.urlencoded({ extended: false })); app.use(express....
Saifujjaman Abir's user avatar
0 votes
0 answers
70 views

I'm storing my authentication token in an http-only cookie. When a user logs in, an http cookie carrying the token will be set. Here's the code to process the login: @PostMapping("/processlogin&...
minhson Bui's user avatar
1 vote
0 answers
215 views

Client Side is running on 4200 and Server side is on port 80 My index.php headers are header('Access-Control-Allow-Origin: http://localhost:4200'); header('Access-Control-Allow-Methods: *'); header(&...
yoenuts's user avatar
  • 53
0 votes
1 answer
65 views

I have an ASP.NET Core 8.0 Web API that is configured to authenticate with http-only JWT token. This is my code to create the authentication and authorization: builder.Services.AddAuthorizationBuilder(...
guirms's user avatar
  • 383
0 votes
1 answer
97 views

We are using http-only cookie based JWT authentication in our MERN application. Recently we experienced a suspicious activity from a user. User created an account and then made a POST request with a ...
Salman's user avatar
  • 13
0 votes
0 answers
103 views

When your backend is deployed to aws and you have to develop http cookie authentication to a locally hosted reactjs frontend how do you implement it? The issue is.. When I call the login API endpoint ...
Pankaja Chalaru's user avatar
0 votes
0 answers
17 views

I have defined the following function to use fetch to make post or get requests: async function postData(url = "", data = {}) { // Default options are marked with * const response = ...
1 vote
0 answers
461 views

I'm setting an HTTP-only cookie to JWT token, then when I'm refreshing the page on frontend. It automatically calls endpoint which has getCheckToken on it. When I try to retrieve that set HTTP-only ...
James Hetfield's user avatar
2 votes
1 answer
2k views

I'm currently developing a mobile app using Flutter for iOS and Android for a customer whose application already exists for the web + has been setup in the form of a REST API already. The idea is to ...
DevelJoe's user avatar
  • 1,592
0 votes
0 answers
262 views

I see some weird behavior with an http-only cookie - if I make a subsequent request, the set-cookie header sent from the backend is not sent properly on the next request. For example, I tried it even via ...
Eyal Amor's user avatar
1 vote
2 answers
1k views

I know that the safe approach to work with auth tokens is to use Http-Only, because with that, the JWT token will be read and set only on the server side. Ok, that makes sense to me. My problem is: ...
guirms's user avatar
  • 383
1 vote
1 answer
60 views

I seem to be having trouble persisting my authentication status between Django and React.js (when I refresh the page) I lose authentication. Upon sending requests to my endpoints in Postman with my ...
newprogrammer12's user avatar
1 vote
1 answer
3k views

We are going to a new authentication with tokens in http-only cookies. After login I receive an access token and CSRF_COOKIE in the Set-Cookies response header. As I know, these cookies have to automatically ...
emmarrat's user avatar
0 votes
1 answer
106 views

Currently I have finished backend and I tried to deploy it on heroku, but when I change api calls of my frontend(react typescript) to the new heroku.com url, the session just cannot work (can't save ...
Ayaka's user avatar
  • 1
1 vote
0 answers
612 views

I'm poking around with Nuxt.js and fiddling about with authentication. In the past, I've used mostly session-based authentication, so much of this is quite new to me. Thanks in advance! What I'd like ...
Ryan Dorn's user avatar
  • 847
0 votes
0 answers
109 views

I am working on moving my React App to NextJS. My application has a custom backend API which sends an http-only cookie on authorization. On my original React App without NextJS, my API endpoints' ...
user3054977's user avatar
0 votes
0 answers
214 views

Cookie is sent using ajax by setting withCredentials: true Getting the below error: { "error": "invalid_token", "error_description": "Token required but invalid"...
donut9's user avatar
  • 21
1 vote
1 answer
255 views

I'm using a sveltekit. What I want is to update the input data. The update itself is simple, but there is a problem, which is that i need to send an accessToken in a header to send an update API ...
Jay0813's user avatar
  • 113
0 votes
1 answer
92 views

I have generated signed token and assigned it to httponly secure cookie from the back-end nodejs server. This token include the user id to validate the user is logged in. Currently, store that ...
asela daskon's user avatar
2 votes
2 answers
2k views

Browser (Chrome) doesn't set HttpOnly cookies from child iframe or pop-up window I have a parent webpage with a child iframe: Parent at https://sub1.some-domain.com Child at <iframe src="...
Taras Yaremkiv's user avatar
0 votes
0 answers
781 views

I am trying to create a simple website experience using aws cloudfront, s3, api gateway, lambda authorizer, cognito identity pool and lambda functions. I have an index.html and related script.js at s3 ...
Arunava Das Gupta's user avatar
3 votes
0 answers
1k views

Hi I am using Nuxt 3 I am trying to set and get cookie on server/api. I have two pages index.vue and about.vue and two server/api files setcookie.get.js and getcookie.get.js. In the index.vue making ...
Johnny's user avatar
  • 71
0 votes
1 answer
295 views

I have a Vertx based backend. My base router gets the following cors handler: val corsHandler = CorsHandler.create().addOrigin("http://localhost:5173") router.route().handler( ...
Moonlander's user avatar
3 votes
1 answer
2k views

I've always been under the impression that storing both of these tokens in an httpOnly cookie is secure enough, but been lately reading some people only store the refresh token in the cookie, and ...
Nelson Melon's user avatar
0 votes
1 answer
383 views

When I work on my local setup or on server, I run into a cookie issue because I have to manually clear browser cookies before seeing new changes. I'm using react for my application. By Javascript ...
Madhuri's user avatar
  • 29
0 votes
1 answer
61 views

We are trying to get express-session to work in our App, currently for our login endpoint, I see that express session is returning the expected Cookie, it matches what is in the Sessions Store But I ...
shaun's user avatar
  • 1,273
0 votes
1 answer
878 views

A coworker told me "httponly cookies can't be interacted with by the browser, hence you can't integration test anything with them." But someone in a Discord server told me otherwise: "...
plutownium's user avatar
  • 2,239
0 votes
0 answers
694 views

So, I've been making some custom session initiation code and have run across some issues in using HttpOnly cookies. For some reason I am not able to access the cookies set to HttpOnly using $_COOKIE[&...
Ahan's user avatar
  • 123
3 votes
1 answer
4k views

Problem I'm working on a FastAPI application that requires authentication for certain endpoints to be reached by users. I'm using Oauth2 and Jose from FastAPI to create JWTs for my authentication ...
snkennedy21's user avatar
1 vote
1 answer
182 views

In many of my previous projects with auth I used localstorage or sessionstorage to store the JWT. Trying to use http only secure cookies, the only issue I am running into is trying to a separate ...
Caleb's user avatar
  • 499
1 vote
0 answers
99 views

Okay, so the idea was to use a HttpOnly cookie to store the JWT in the browser to authenticate and persist session. Backend: http://<project>.<company>.test/api (internal test) The problem ...
K. Anye's user avatar
  • 198
3 votes
1 answer
2k views

I have encountered an issue while creating a cookie in the backend, which I will later use to send a request from the frontend. Both apps are on the same domain. This is the general idea behind it: ...
Ronald's user avatar
  • 41
