409 questions
0
votes
1
answer
92
views
Refresh Token Rotation lead to Infinite Time logged in
Currently, I am trying to implement access token and refresh token in my application.
I am storing the refresh token in the user schema.
interface IUser {
refreshTokens: []
}
When the user logs ...
- 964
0
votes
0
answers
21
views
modify saml assertion cookie to reflect new domain
I'm working in asp.net mvc
To achieve cross-domain re-auth I'm relying on AJAX call where I return response with repost url and then js send request to repost url
I modify Controller.Response.Cookies ...
- 9,181
1
vote
1
answer
365
views
Failing to set cookie for SessionMiddleware due to 'invalid domain' (separate frontend/backend)
I set up Session Middleware with my FastAPI backend to authenticate my React frontend users, which worked with domain=127.0.0.1. Now that I've deployed both my frontend and my backend to two separate ...
- 514
2
votes
0
answers
669
views
AutoRefresh/Logout in Directus SDK fails (400 Bad Request - refresh_token is required in either JSON payload or Cookie)
I am trying to set up an authentication logic using Directus SDK and Next.js for the front end.
Here is the directus.js which contains the initial SDK configuration:
const directus = createDirectus(...
1
vote
0
answers
268
views
Is it possible to bypass JWT authentication if you know the secret key but not the timestamp?
I found an interesting website with a JWT bypass vulnerability. It uses a simple secret key that can be discovered using brute force, which I did. However, I couldn't exploit the vulnerability because ...
- 11
0
votes
1
answer
362
views
In Springboot how to configure http only response cookie (refresh token) from subdomain (api.example.com)
I have my frontend running on "https://example.com" and backend running on "https://api.example.com".
From backend, the login endpoint "https://api.example.com/auth/login"...
- 3,406
0
votes
1
answer
698
views
Refresh Token cannot be written into the browser's cookies
I encountered a strange situation. My project uses an HTTP-only refresh token. After the user successfully completes the login verification, the backend sends an HTTP-only refresh token to the ...
- 11
1
vote
0
answers
141
views
http only cookie alternative in react native
i have got web project using mern stack where i store the jwt as an http only cookie, so that when user authenticates themselves, it is not required to pass the token as a header.
however, i will also ...
2
votes
1
answer
4k
views
Setting and sending http only cookies from Next.js 14 to Express.js
I have an express.js (node.js) as my backend, and next.js v. 14 as my frontend.
In the backend, I can send the cookie just fine, and I can protect certain endpoints also with the cookie. However, I ...
- 465
0
votes
0
answers
103
views
How to implement http-only cookie auth from aws hosted backend to locally hosted frontend?
When your backend is deployed to aws and you have to develop http cookie authentication to a locally hosted reactjs frontend how do you implement it?
The issue is..
When I call the login API endpoint ...
1
vote
1
answer
353
views
How to send or post cookie from client to server in .net
I have implemented this code to request a page and read the cookies set by the server:
myURI = new Uri(strURI);
request = (HttpWebRequest)HttpWebRequest.Create(myURI);
request.CookieContainer = new ...
0
votes
1
answer
302
views
Custom cookies not created in Firefox - NS_BINDING_ABORTED
This is an ASP.NET MVC application. The cookies are not getting created in Firefox. There is no such issue in Chrome or Edge.
HttpCookie myCookie = new HttpCookie("myCookie")
{
Value = &...
- 2,429
0
votes
1
answer
150
views
Spring boot, cookies on ip address domain
My server works on localhost and my VPN address (26.185.15.150), when I make request to http://localhost:3500/login/auth, I get correctly response and cookies. When I make request to http://26.185.15....
- 1
0
votes
0
answers
365
views
Get cookie from another application in an angular application
Is it possible to get a cookie stored by other application when the user clicked an hyperlink with target to the angular application?
java application ---> angular application
both application are ...
- 1
1
vote
1
answer
682
views
simpleJWT and dj-rest-auth Cookie based authorization
Between dj-rest-auth and simpleJWT I have been able to send the set-cookie messages, store the cookies in the browser, and send them back with each request (Axios' with credentials = true), but it ...
- 76
1
vote
2
answers
3k
views
How to send cookie with Laravel Http client?
I am trying to set cookies using the Laravel HTTP client. I know Laravel uses guzzlehttp/guzzle library in the backend.
This is the error I am getting when I try to set the cookies using withOptions ...
- 341
0
votes
0
answers
2k
views
How to use optional arguments in hydra in `http-form-post`?
Following is the partial result from : hydra -U http-form-post
Syntax: <url>:<form parameters>[:<optional>[:<optional>]:<condition string>
..................................
- 1
0
votes
1
answer
725
views
Set-Cookie response header doesn't set a cookie (GTM server-side implementation)
I'm trying to set a cookie with the response from my server-side GTM container.
My setup:
Custom HTML tag on client-side GTM:
<script>
fetch('{{sst address}}', {
method: 'POST',
...
0
votes
0
answers
197
views
Failed to unarchive saved Httpcookie in UserDefaults
I'm trying to save httpcookie from WKWebview and reuse it later. I can successfully save the cookie into Userdefaults, but when I tried to read the cookie, it failed to unarchive. Here is the code.
...
- 61
1
vote
1
answer
89
views
PInvoike InternetGetCookieEx2 returns Error 12006
I am trying to retrieve cookies using c#, but I get an error 12006 complaining about the URL. I use InternetGetCookieEx successfully to retrieve cookie data, but I need to retrieve the entire cookie ...
- 2,287
2
votes
0
answers
615
views
Nuxt 3 Authorization
I am new to Nuxtjs, i come from a web application developed using Vuejs 3, using pure Client Side Rendering and i was testing Nuxt SSR functionality migrating my application. In my scenario, the web ...
- 83
1
vote
0
answers
65
views
c# cookie key text is getting stripped between the browser call and API endpoint
.NET core 6
I'm manually creating a cookie (my:cookie=myValue) in the Chrome browser to be added to API endpoint call (Tools -> Application -> Cookies -> simply add new line) - then I want to ...
- 31
1
vote
0
answers
432
views
How do I get and set cookies from my Express response cookies in a Nuxt 3 app
I am building a full-stack application with NodeJS-Express-TypeScript on the backend and Nuxt 3 on the frontend. In the backend, I have 3 API routes to handle user authentication (signup, sign-in and ...
- 11
1
vote
0
answers
229
views
GoLang net/http CookieJar Headers Persisting Across Functions
I have a function that distributes tasks for requests to make unique requests which also need unique cookies.
func DistributeTasks(url string) error {
// redacted code
responseCh := make(...
- 29
0
votes
0
answers
74
views
Intercepting http-cookies sent from node server in my reactjs application
I'm currently trying to send the access & refresh tokens to the frontend using http-cookies , and trying to get them in reactjs and store values in react context after logging in , but i do not ...
0
votes
2
answers
2k
views
How can I read the value of a HttpOnly cookie?
I'm using python and selenium to browse a website, once logged in I would like to transfer the session (exporting cookies) from the selenium browser to a python requests session, but I noticed that ...
0
votes
1
answer
702
views
Unable to authorize by BFF in Blazor WebAssembly with Duende.IdentityServer in HTTP scheme, not HTTPS
I have two sample projects, one for Duende Identity Server and another for Blazor WebAssembly project, they are both writen by .NET 7 and we are using latest release of Duende Identity server with BFF(...
1
vote
1
answer
573
views
Cookies available in network response header but not available in application storage cookies tab
I am trying to set a simple cookie using express res.cookies() but the cookies are not being set in the application tab. My frontend is in React and backend is in node. The application work well when ...
0
votes
0
answers
60
views
httpcookie response header domain attribute returning "too many re-directs"
As per https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
I have set in IIS web.conf the following:
httpCookies domain="FQDN" httpOnlyCookies="true" requireSSL="true&...
1
vote
0
answers
278
views
NGINX Not sending cookie on web application logout
I am using NGINX's auth_request directive for SSO as well as reverse proxies, and everything works well, other than logging out. The log-out functionality doesn't work, i.e. I do get redirected to the ...
- 169
0
votes
1
answer
705
views
Unable to store cookies in browser: http.Cookies are getting stored in postman but not in browser
On User 's successful login request ,I am saving tokens as http.cookies from the backend.
When i make login request using postman the cookies are stored in postman's cookies but on the other hand if i ...
- 1
0
votes
0
answers
28
views
ASP.NET MVC Adding Cookies doesn't work if Domain Set
I am trying to add two cookies to application. One I need the domain to ".site.com", but that one does not show in the Cookies.
var ticket = new FormsAuthenticationTicket(1, emailAddress, ...
- 1,755
0
votes
1
answer
210
views
Login to an application URL and POST Data using Java
I want to login to an authentication based application URL use those cookies/token to POST the json data to a mapping with java.
Login URL and POST URL are different and predefined in the application. ...
0
votes
0
answers
372
views
How to authenticate a user in multiple backends?
I have front end - x.sameDomain.io.
and a back-end y.sameDomain.io. It basically I use for signup/signin and some other basic queries and this backens sends a http only cookie to the front-end.
...
- 335
2
votes
1
answer
500
views
NodeJS Koa Cookies to set JWT token not working
In my backend (NodeJS / JavaScript) I would like to set an HttpOnly cookie that keeps track of the JWT refresh token.
I'm using Koa to communicate with the frontend.
As you can see I set the cookie ...
- 21
1
vote
1
answer
3k
views
How to use with credentials: true with TanStack Query fetch
Previously I used axios request withcredentials:true to get the cookie from server site when I started to to use useQuery of TanStack Query/react Query to fetch data, I couldn't be able to sent ...
1
vote
0
answers
362
views
Safari not persisting HTTP only cookie between in app browsers and safari browser app
I am sending a http-only cookie after a user logs in. This cookie is attached to every subsequent request and the API calls are getting authorized correctly.
The issue arises in the following scenario:...
- 31.4k
0
votes
2
answers
6k
views
Angular jwt authentication with HttpOnly cookie
We have .Net Core 5.0 backend API which is returning a jwt token wrapped in a HttpOnly cookie when I call the login API endpoint & in the response body, it is sending me user's name & userId. ...
0
votes
0
answers
926
views
PHP API - Cookies are sent, not saved in browser
I have a problem with cookies.
I have a simple (self created) REST API in PHP, running on localhost:80/api.
FrontEnd is React App running localhost:3456.
In PHP the cookie header is:
"Set-Cookie: ...
- 39
1
vote
0
answers
145
views
SPA Cookie based authentication in whitelabeled environment
As we all know by know storing JWT tokens (or any other auth token) in local storage is not a good idea (see: https://dev.to/rdegges/please-stop-using-local-storage-1i04)
I am now building a SPA that ...
- 399
0
votes
1
answer
140
views
How can I pull cookies in teams plugin https://teams.microsoft.com/
public ActionResult Create()
CookieOptions localcookie = new CookieOptions();
localcookie.Expires = DateTime.Now.AddYears(1);
localcookie.HttpOnly = true;
...
- 300
0
votes
1
answer
59
views
Writing cookie seems to lose its original value
I seem to be having trouble storing a cookie and then reading back its value.
The cookie I'm writing is Name = TransloadingInventory-filter, Value = Consignee:HALLIBURTON ENERGY SERVICES::...
- 68.3k
0
votes
1
answer
914
views
500 internal server error instead of 302 redirect- JMeter
I'm trying to investigate the issue as I mentioned in the subject.
I login to the application and successfully able to land on the home page of my application through my JMeter code.
When I click on &...
- 354
1
vote
0
answers
505
views
ASP.NET Core Delete Cookies after JWT expire
I store my JWT in HTTPOnly Cookies, and after the token expire, the cookie still active. How can I delete or expire the cookie, when the JTW expires too?
Here is my Startup:
services.AddAuthentication(...
- 151
0
votes
1
answer
3k
views
How can I read httponly and secure cookies in the browser with Javascript?
How can I read httponly and secure cookies in the browser with Javascript, With "document.cookie" I can only see non httponly ones. I also need to access cookies that are httponly and secure....
0
votes
1
answer
100
views
I want to extract multiple http cookies values for rewrite URL with the help of single regex expression
For input string1:
application_session=30110020;User_Context=Ghkkaskj228992nkn999
Possible regex for string1:
application_session=(.*);User_Context=(.*)
Where
{C:1} = 30110020
{C:2} = ...
0
votes
0
answers
67
views
Cookie in the contact form only?
I found lots of complex replies for complex situations. Mine is simple. I just need a cookie for the page where is located the contact form: set an expiration time (one hour is more than enough). ...
- 81
0
votes
1
answer
141
views
Cannot set more than 1 cookie in ruby on rails
I am making some changes in discourse platform. at a point i want to set 2 cookies namely
sso_payload & sso_destination_url
here is what i am doing
cookies[:sso_payload] = payload || request....
0
votes
2
answers
3k
views
How can we access secure httpsonly cookie in next js application
we are calling https://demo.com/auth/session in next js application
backend team set the response cookie as secure HttpOnly cookie
const session = await (
await fetch(
`https://demo.com/auth/...
0
votes
1
answer
1k
views
Access cookie from http-cookie-agent in typescript
I am trying to access a cookie from axios. I am unable to use the wrapper but can use http-cookie-agent directly.
I can set the cookie, but I am unable to retrieve it again.
The cookie is set like ...
- 2,852