0 votes
1 answer
51 views

I developed a JWT based authentication that sends tokens in httpOnly, secure cookies. Here is the response of my login request: access-control-allow-credentials true access-control-allow-headers ...
AlbertDeTerre's user avatar
0 votes
0 answers
126 views

I have a React web app that I’m running inside a Capacitor container. The backend issues an HttpOnly cookie (refresh_token) for authentication. When I test in a normal browser, everything works: ...
Bear Bile Farming is Torture's user avatar
0 votes
0 answers
65 views

I am having difficulties with the following scenario. I have an API that generates tokens and responds with an HTTPOnly cookie. This API is in a development environment (Cloud Server) at the URL https:...
Bruno Tchaikovsky's user avatar
1 vote
0 answers
78 views

I tried to secure an old website in classic asp which was using this code to generate a cookie but does not care about httponly and secure; however, the expiration date was working fine and cookies ...
Ali Sheikhpour's user avatar
0 votes
1 answer
56 views

I have a React-App with a Nodejs backend which handle authentication/authorization by using httponly cookie. I created a static site and deployed it on NodeJS backend app, and it is working fine with ...
Mohammad Momtaz's user avatar
0 votes
1 answer
62 views

I am having Issues with receiving and sending httpOnly cookie - on the login Page var response = await fetch(BASE_URL + 'login?useCookies=true', { method: 'POST', credentials: 'include', ...
Farid Omarzadeh's user avatar
0 votes
1 answer
75 views

I have frontend running at https://fe-qa.mydomain.com and backend at https://qa.mydomain.com. In the Chrome Dev Tools under Network, I can see that when frontend calls https://qa.mydomain.com/foo/bar2,...
jjrz's user avatar
  • 379
2 votes
1 answer
150 views

I'm using SignalR in a React frontend with JWT tokens passed via HttpOnly cookies for authentication, which prevents access to the token in JavaScript. When the server is down for too long, the JWT ...
pierre.b's user avatar
  • 303
0 votes
1 answer
178 views

EDIT: Incorrect question. I was getting only an empty object at the backend due to misconfiguration. I thought it was a part of HTTP-ONLY to make cookies inaccessible. (I cannot delete the question) ...
sanaaa's user avatar
  • 47
1 vote
1 answer
1k views

I am facing the CORS error (The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'.) because origin was set ...
Miguel Ângelo Freitas's user avatar
1 vote
0 answers
95 views

I Have a NextJS 14 SSR app, which uses Auth0 for authentication, using the @auth0/nextjs-auth0 library to manage authentication. I also have an external .Net Api with protected endpoints that ...
raezer's user avatar
  • 11
0 votes
1 answer
464 views

I'm trying to remove an httpOnly Cookie that I set on serverSide of my nextjs project, but I can't remove it at all. I don't get any errors. I tried to use route handler so that I can remove it ...
Arash Forghanbin's user avatar
0 votes
1 answer
128 views

So I am implementing the JWT access token / refresh token cycle. I send a refresh token in an httpOnly cookie and I want to send it back to the server. The httpOnly cookie appears in the response 'Set-...
Νίκος Ανδρεάδης's user avatar
-1 votes
1 answer
555 views

While rewriting an app from CRA to Next.js, I encountered an issue with using a JWT access token for client-side requests. Previously, the token was stored in localStorage, making it easy to add to ...
Dmitriy Tilik's user avatar
0 votes
0 answers
32 views

Say I have a html page on mycooldomain.com. On that page I do login to login.mycooldomain.com using axios. const smartAxiosLogin = axios.create({ timeout: 5000, // 5 seconds ...
1 vote
1 answer
535 views

I am quite new to React and I tried connecting my backend (Python/ Flask) to my frontend (React). I wanted to use JWT Tokens and save them in the HTTPOnly Cookies, I managed to write some code that ...
Tim Löffler's user avatar
1 vote
1 answer
423 views

I have a bug that I can't get out of in React and Express... The problem: Status Code: 401 Unauthorized. server configured with HTTP-only cookies and cores. The token is received by the client but the ...
user769371's user avatar
0 votes
2 answers
452 views

My back-end is already working, I tested it in Postman, but I don't know how to get the Bearer Token, which is in front-end; I am using httpOnly and withCredentials. NODE: MiddleWare: const jwt = ...
Guilherme Peixe's user avatar
1 vote
0 answers
96 views

I'm experiencing an issue where an HttpOnly cookie set by my backend is not appearing in the browser's cookie storage. The Set-Cookie header is present in the server's response, but the cookie value ...
OWELEY's user avatar
  • 35
0 votes
0 answers
143 views

I am trying to authenticate with the http only cookies. My front end is VUE 3 and backend is laravel. I am successfully logging in. My login function is public function login(Request $request) ...
Azay Karimli's user avatar
0 votes
0 answers
70 views

I'm storing my authentication token on an http-only cookie. When an user logs-in, an http cookie carrying the token will be set. Here's the code to process the login: @PostMapping("/processlogin&...
minhson Bui's user avatar
0 votes
1 answer
61 views

I have a asp classic site, I want to set the httponly enabled to the cookies ASPSESSIONIDxxxx, I applied this in general.asp file which is called when the site is loaded: AspSessionCookie = Request....
anthony morales's user avatar
1 vote
0 answers
188 views

I have a node express server which use JWT for auth. I originally just added the token in local storage in my frontend, but have now tried to implement HTTP only cookies. My server is hosted on heroku ...
Glenn Larsen's user avatar
0 votes
1 answer
892 views

How can I steal cookie when HTTPOnly is on and CSP rules are defined? Assume that an attacker is given an inputfield that performs HTTP and that it is vulnerable for XSS attacks: <form action="...
ZedORYasuo's user avatar
1 vote
0 answers
46 views

The httponly token is stored in the browser, so if I have two clients running in the same browser accessing the same API, once one of them is authorized to access API methods that require ...
Bru's user avatar
  • 11
1 vote
0 answers
215 views

Client Side is running on 4200 and Server side is on port 80 My index.php headers are header('Access-Control-Allow-Origin: http://localhost:4200'); header('Access-Control-Allow-Methods: *'); header(&...
yoenuts's user avatar
  • 53
-1 votes
1 answer
444 views

I've completed a guide and now aim to retrieve user details using a server component. However, despite the cookie being present in the browser, it doesn't seem to appear in the request. I customized ...
Harry's user avatar
  • 11
0 votes
0 answers
149 views

My express app is running on localhost:4000 and is setting two cookies like this: res.cookie('accessToken',token, { maxAge: 3600000, httpOnly: true, secure: false,Path: './',SameSite: 'None' }); res....
5 votes
2 answers
570 views

UPDATE: I'm simplifying this as it got too long I am trying to get SessionAuthentication to work with React (port 3000) and Django (port 8000). However, I am having trouble with csrftoken not being ...
Axil's user avatar
  • 3,452
2 votes
1 answer
2k views

I'm currently developing a mobile app using Flutter for iOS and Android for a customer whose application already exists for the web + has been setup in the form of a REST API already. The idea is to ...
DevelJoe's user avatar
  • 1,592
1 vote
2 answers
1k views

I know that the safe approach to work with auth tokens is to use Http-Only, because with that, the JWT token will be read and set only on the server side. Ok, that makes sense to me. My problem is: ...
guirms's user avatar
  • 383
0 votes
0 answers
67 views

I want to store my refresh token in react, but I'm not sure where to store it. I've heard that it's best to store it in "HttpOnly" cookies. But I know it's not possible. I saw online to ...
0 votes
0 answers
98 views

I am running backend in a k8s cluster and ingress-nginx. The cookie is getting sent to the browser. Confirmed with postman. But browser is rejecting it. app.use( session({ secret: 'keyboard cat', ...
AswinES's user avatar
1 vote
1 answer
60 views

I seem to be having trouble persisting my authentication status between django and reactjs (when I refresh the page I lose authentication). Upon sending requests to my endpoints in postman with my ...
newprogrammer12's user avatar
0 votes
0 answers
280 views

Hi anyone who would be willing to help, I'm using a refresh/access token system for authenticating requests for my c# api but I am having a problem with my HttpOnly refresh token cookie not being ...
Bradley's user avatar
  • 11
0 votes
1 answer
194 views

I have a Javascript script that opens a popup window passing a JWT token to a page. This page uses the JWT token and creates a session, storing its ID in a cookie. Once this is done, I am ...
Tom's user avatar
  • 779
0 votes
0 answers
170 views

I would like to save my HttpOnly cookie that I get from the backend in the browser. However, this is not happening and I don't know why. In my Spring Boot (Java) app, I added the HttpOnly cookie in ...
Doncarlito87's user avatar
0 votes
1 answer
723 views

In my NodeJS application RESTful API when user logs in I create a JWT and send it to the client in a secure, httponly cookie: const jwt = utils.createJWT(user._id.toString()); const sessionId = utils....
Greg Lafrance's user avatar
1 vote
1 answer
426 views

I am using two django instances. Both of them are setting the same csrftoken variable, which is causing conflicts. One of the csrftoken cookie is overwritten by other csrftoken cookie. So I am getting ...
Sairam Gourishetty's user avatar
0 votes
1 answer
41 views

I am sending the cookie from the backend API (http only cookie). When I sent the request using postman the cookie sets in the header (Set-Cookie) but when I try sending the request from frontend using ...
Rabah Abellache's user avatar
2 votes
2 answers
2k views

Browser (Chrome) doesn't set HttpOnly cookies from child iframe or pop-up window I have a parent webpage with a child iframe: Parent at https://sub1.some-domain.com Child at <iframe src="...
Taras Yaremkiv's user avatar
0 votes
1 answer
61 views

I'm developing an app in mern stack using http only cookie request and while handling it in frontend it doesn't work but in postman it is working. And here is the code for generating token import jwt ...
Anas Hasna's user avatar
0 votes
1 answer
1k views

I'm trying to send HttpOnly cookie from React frontend to NodeJS backend. I have checked that if the cookie is not HttpOnly, everything works as expected, but if not then the server does not receive ...
William Le's user avatar
  • 1,361
3 votes
0 answers
972 views

My front end app is in nextjs that runs on port 3000 locally and backend is in express js that runs at port 3001 locally. I used the same backend for my react js app, but there was no problem in ...
common task's user avatar
0 votes
0 answers
40 views

I am using Jetty server 8.1.3. I need to add HttpOnly Attribute for Sensitive Cookies ((ServletContextHandler) context).setInitParameter("org.eclipse.jetty.servlet.SessionCookie", "...
user3506319's user avatar
0 votes
0 answers
2k views

I am implementing JWT Auth with Nuxt 3 (Only as Frontend), Pinia and Pinia-plugin-Persistedstate. I am storing access and refresh token on cookie. Everything works as long as i do not set httpOnly:...
Johnny's user avatar
  • 71
2 votes
1 answer
1k views

In my NextJS app I use external API for user authentication and processing other API calls. I use Flask app as an external API. When login is performed to the NextJS app I sent credentials to API and ...
Matúš Ravas's user avatar
3 votes
1 answer
2k views

I've always been under the impression that storing both of these tokens in an httpOnly cookie is secure enough, but been lately reading some people only store the refresh token in the cookie, and ...
Nelson Melon's user avatar
1 vote
1 answer
3k views

I'm working on a Nextjs app and I'm using Laravel api for auth and other things. So I was searching about the best way to store the token that i will get when I sign a user in or sign him up from that ...
Mooder's user avatar
  • 41
0 votes
1 answer
93 views

I am writing a php web application. I want to set 2 values in a cookie with $_COOKIE. The first value should be accessible to a javascript script. But the second value must not be accessible to ...
Bob5421's user avatar
  • 9,443
