I'm currently developing a mobile app using Flutter for iOS and Android for a customer whose application already exists for the web + has been setup in the form of a REST API already. The idea is t...

Can you briefly explain the difference between HTTPOnly cookies and normal coookies? and Is normal cookie same as signed cookie? I know what HTTPOnly cookie is. but, I do not how I can explain what...

I'm new to cookies and I'm having an issue to set HttpOnly cookie from server to web client. Here's my setup: Server is on domain: https://api.app.domain.com (express app), Web app in on domain: ht...

I have encountered an issue, as I have to create a cookie in the backend, which I will later use to send a request from the frontend. Both apps are on the same domain. This is the general idea behi...

I want to send the SimpleJWT access and refresh tokens through HttpOnly cookie. I have customized the claim. I have defined a post() method in the MyObtainTokenPairView(TokenObtainPairView) in whic...

I'm implementing for first time a login Auth with HTTpOnly Cookie. In my case, the cookie it's created when user calls login method in a Python service with fastapi and uvicorn. I've read the MDN d...

here is a function that sets a cookie: public void addCookie(String cookieName, String cookieValue, Integer maxAge, HttpServletResponse response) { Cookie cookie = new Cookie(cookieName, cookieVa...

I read about some of the issues related to storing jwt token in local storage that's why I am trying to store token in http-only cookie. I am using following approach. from rest_framework.views imp...

I read Set "secure" attribute for Flask cookies, but it's for setting secure cookies, but I'm trying to set HTTPONLY cookies. They both are kind-of-secure cookies, but differ in specs (re...

I have an express-node server . I send JWT access token in response and also a JWT refresh token via httpOnly cookie only . When using it in browser, that refresh token is automatically sent with e...

I have a basic SPA (react) <-> API (net core 2.2) setup, with 2 environments: dev and prod (small project). There is an authentication mechanism on the API side that checks the presence of a htt...

NOTE: I had 4 bounties on this question, but non of the upvoted answers below are the answer needed for this question. Everything needed is in Update 3 below, just looking for Laravel code to imple...

I have a web application which is running on a Tomcat 7 server. The cookie with session id has by default the flags HttpOnly and Secure. I want to disable this flags for the JSESSIONID cookie. But ...

I have a cookie with these parameters: Name: workgroup_session_id Content: "" Domain: agrobman1.tsi.lan Path: / Send for: Any kind of connection Accessible to script: No (HttpOnly) Created: Wednes...

I want to use HttpOnly cookies and I set it in Java as follows: ... Cookie accessTokenCookie = new Cookie("token", userToken); accessTokenCookie.setHttpOnly(true); accessTokenCookie.setSecure(tru...

Due to PCI regulations, most cookies in my application need to be secure and httponly. I have achieved that through this line in my Apache config file: Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Se...

I try to play some mp3 files via the html5 audio-tag. For the desktop this works great (with Chrome), but when it comes to the mobile browsers (also Chrome (for Android)), there seem to be some dif...

I can see that HttpOnly cookies are good for security, however they make logging out without server interaction impossible, right?1 So when the network fails, you can't log out and leave. I can ima...

From everything I've read online, a web.config like this should enable HttpOnly cookies, in ASP.NET 2.0. However this is not working. <configuration> <system.web> <httpCookies http...