0

I have a Single Page Application built with React and ASP.NET Core 2.1 WebAPI on the backend. I am switching to storing auth0 tokens from localstorage to httponly cookies and have trouble accessing the auth0 token stored in an httponly cookie(set by the client/browser) on the server.

I am storing my auth0 token in a cookie and I send it to the server for validation. I am able to access the auth0 token when httponly flag is false, but when set to true, I am unable to access the token. I tried implementing a middleware to check the same and found that the token isn't visible when http only is true.

Improve this question

1 Answer 1

Reset to default
1

So, after some research I just realized that httponly cannot be set by JavaScript and it has to be set only on the server side.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.