221 questions
0 votes, 0 answers, 41 views
How to prevent auth token from being stolen on the Nextjs client side of socket.io?
This is my nodejs server socket.io code:
const io = new Server(server, {
cors: {
origin: "*", // Allows connections from any origin
methods: ["GET", "POST"] // ...
0 votes, 0 answers, 68 views
Capacitor (React + Android emulator) not sending HttpOnly cookie back to server, works fine in browser
I have a React web app that I’m running inside a Capacitor container. The backend issues an HttpOnly cookie (refresh_token) for authentication.
When I test in a normal browser, everything works:
...
0 votes, 0 answers, 26 views
Problem with logout function using httpOnly cookie
I have a problem in logout in production phase in my Nuxt 3.15 app (MEVN stack)
Normal conditions:
after successful login, the user is directed to /dashboard where his data is loaded from database
...
0 votes, 1 answer, 63 views
Browser ignoring Set-Cookie
I have frontend running at https://fe-qa.mydomain.com and backend at https://qa.mydomain.com.
In the Chrome Dev Tools under Network, I can see that when frontend calls https://qa.mydomain.com/foo/bar2,...
0 votes, 1 answer, 121 views
What is the point of http-only cookies and how to make your authentication secure?
EDIT: Incorrect question. I was getting only an empty object at the backend due to misconfiguration. I thought it was a part of HTTP-ONLY to make cookies inaccessible. (I cannot delete the question)
...
0 votes, 1 answer, 84 views
Why is the Authorization header preferred for JWTs over HttpOnly cookies in API authentication?
When implementing API authentication using JWTs, most standards (like OAuth 2.0 and OpenID Connect) recommend placing the token in the Authorization header, using the Bearer scheme.
However, I’m ...
0 votes, 1 answer, 70 views
Check auth status of users in a Vue.js Frontend with an HTTPOnly JWT Token in ASP.NET Web API
I'm building a web application with an ASP.NET Web API backend and a Vue.js frontend. I've implemented JWT authentication and am storing the access token in an HTTPOnly cookie for security reasons. ...
0 votes, 1 answer, 189 views
Jwt priority HttpOnly Cookie versus Authorisation bearer
I have a backend in Asp.net Core that handles authorization with jwt tokens.
This backend may interact with different clients.
To some of them (browser, compliant lib... ) it will send a secure ...
0 votes, 1 answer, 193 views
Using Laravel Passport (CreateFreshApiToken) To Implement HttpOnly Cookie as Authentication in API
I'm using Laravel Passport and I'm trying to convert my code from using tokens stored in the localhost to using httponly cookies.
I followed this documentation: https://laravel.com/docs/5.8/passport#...
0 votes, 0 answers, 133 views
401 Unauthorized. Laravel Sanctum. Cookie based authentication
I am trying to authenticate with the http only cookies. My front end is VUE 3 and backend is laravel.
I am successfully logging in. My login function is
public function login(Request $request)
...
0 votes, 0 answers, 60 views
Spring Boot check isHttpOnly cookie not working
I'm storing my authentication token on an http-only cookie. When a user logs in, an http cookie carrying the token will be set. Here's the code to process the login:
@PostMapping("/processlogin&...
0 votes, 1 answer, 64 views
.NET - Is there a way to validate the httponly token and header token?
I have an ASP.NET Core 8.0 Web API that is configured to authenticate with http-only JWT token.
This is my code to create the authentication and authorization:
builder.Services.AddAuthorizationBuilder(...
0 votes, 0 answers, 95 views
How to implement http-only cookie auth from aws hosted backend to locally hosted frontend?
When your backend is deployed to aws and you have to develop http cookie authentication to a locally hosted reactjs frontend how do you implement it?
The issue is..
When I call the login API endpoint ...
1 vote, 0 answers, 438 views
Why is my HTTP-only cookie undefined after page refresh?
I'm setting an HTTP-only cookie to JWT token, then when I'm refreshing the page on frontend. It automatically calls endpoint which has getCheckToken on it. When I try to retrieve that set HTTP-only ...
0 votes, 0 answers, 210 views
http-only cookie being set only after some time delay (chrome)
I see some weird behavior with http-only cookie - if I make subsequent request, the set-cookie header sent from the backend is not sent properly on the next request.
For example I tried it even via ...
1 vote, 1 answer, 57 views
httpOnly Persisting Authentication token status between DRF and reactJS
I seem to be having trouble persisting my authentication status between django and reactjs (when I refresh the page) I lose authentication.
upon sending requests to my endpoints in postman with my ...
0 votes, 1 answer, 96 views
Cannot use http only cookies when deploy my rails backend application to heroku
Currently I have finished backend and I tried to deploy it on heroku, but when I change api calls of my frontend(react typescript) to the new heroku.com url, the session just cannot work (can't save ...
0 votes, 0 answers, 101 views
NextJS Sending HTTP-Only Cookie in Requests
I am working on moving my React App to NextJS. My application has a custom backend API which sends an http-only cookie on authorization. On my original React App without NextJS, my API endpoints' ...
1 vote, 1 answer, 242 views
How to handle update logic in server side when using sveltekit?
I'm using a sveltekit.
What I want is to update the input data.
The update itself is simple, but there is a problem, which is that I need to send an accessToken in a header to send an update API ...
2 votes, 2 answers, 2k views
Missing HTTPOnly Cookies at HTTP Request from child iFrame or pop-up window
Browser (Chrome) doesn't set HttpOnly cookies from child iframe or pop-up window
I have a parent webpage with a child iframe:
Parent at https://sub1.some-domain.com
Child at <iframe src="...
3 votes, 0 answers, 1k views
How can I get cookie on server side server/api on page reload Nuxt 3
Hi I am using Nuxt 3 I am trying to set and get cookie on server/api. I have two pages index.vue and about.vue and two server/api files setcookie.get.js and getcookie.get.js. In the index.vue making ...
3 votes, 1 answer, 2k views
Is storing JWT access token in app memory or both in httpOnly cookies?
I've always been under the impression that storing both of these tokens in an httpOnly cookie is secure enough, but been lately reading some people only store the refresh token in the cookie, and ...
0 votes, 1 answer, 50 views
Express-Session Cookie not showing up in Chrome
We are trying to get express-session to work in our App, currently for our login endpoint, I see that express session is returning the expected Cookie, it matches what is in the Sessions Store
But I ...
0 votes, 0 answers, 663 views
Accessing HTTPonly cookies in PHP
So, I've been making some custom session initiation code and have run across some issues in using HTTPonly cookies, for some reason I am not able to access the cookies set to HTTPonly using $_COOKIE[&...
1 vote, 1 answer, 173 views
Updating multiple components with HTTP only secure cookie
In many of my previous projects with auth I used localstorage or sessionstorage to store the JWT. Trying to use http only secure cookies, the only issue I am running into is trying to a separate ...