17 questions from the last 30 days
Advice
0
votes
1
replies
152
views
How to authenticate WebSocket connection when access_token is stored in HttpOnly cookies? (Spring Cloud Gateway + STOMP)
I’m building a WebSocket-based microservice architecture using Spring Cloud Gateway and STOMP WebSockets.
Users log in through the frontend, and the backend sets:
access_token (HttpOnly, Secure, ...
- 11
0
votes
2
answers
116
views
My authentication setup requires a setTimeout before redirect to allow cookies to write in the browser
Authentication flow:
User is redirected back to my site (to /auth/callback) after logging in with a 3rd party. The redirect back includes query params. The React function on the callback page sends ...
- 7
0
votes
0
answers
103
views
Why is Rails generating separate cookies for subdomains?
I have a Rails 6.1 application that previously used to serve assets from /assets (asset_host was unset)
Recently I've changed the asset_host to use //assets<X>.example.com/ where X would be a ...
- 2,552
-1
votes
0
answers
112
views
Next.js 16 Partial Prerendering (PPR) + Cache Components: Why is my dynamic segment not streaming after first request?
I'm experimenting with Next.js 16's new Cache Components and Partial Prerendering (PPR) to build a product page that:
Serves a static shell instantly (HTML for layout, header, footer)
Streams the ...
0
votes
1
answer
59
views
How to send cookies from server to client during SSR (Angular 20)
I am using HttpOnly Cookies for JWT authentication in my Angular v20 app. I have SSR enabled.
During Login, the cookies are sent to the client. I have an HttpInterceptor that seems to work to forward ...
- 109
1
vote
1
answer
44
views
WildFly Undertow UT000173: Invalid control character [250] in cookie - persists
I'm experiencing a persistent cookie corruption issue with my Java EE web application deployed on WildFly 37.0.1.Final. The error appears immediately when accessing the application URL, even after ...
- 11
Advice
0
votes
0
replies
52
views
Can Cloudflare be bypassed from unrendered browsers using basic techniques like setting proper headers or cookies?
I’m building a Scrapy-based crawler and facing Cloudflare protection on some sites.
Here’s my current setup:
I have a separate API service that can bypass Cloudflare by simulating a real browser (e.g....
0
votes
0
answers
37
views
Cross-Domain Cookies for Subdomains
We have a backend which is running at https://api.example.com. And we have two different client apps which are served from https://client.example.com and https://admin.example.com. Both of these apps ...
- 17.7k
Best practices
0
votes
0
replies
28
views
How do I develop on localhost when using cookie authentication?
I have a trivial situation. The app is written in React with custom SSR. I need to integrate cookie authentication. But how can I test this if the cookies are only set on the real domain?
- 125