python (65.1k questions)

javascript (44.2k questions)

reactjs (22.7k questions)

java (20.8k questions)

c# (17.4k questions)

html (16.3k questions)

r (13.7k questions)

android (12.9k questions)

Questions - cookie-httponly

Avoid refresh token for authentication when using HttpOnly cookie

I have a solution for an authentication system without using refresh token. Please tell me where are the vulnerabilities of this method. I assume the following: Client and Server are on the same doma...
test-img

47ndr

authentication

oauth

jwt

local-storage

cookie-httponly

Votes: 0

Answers: 1

Latest Answer

I like your thinking and had similar ideas, particularly with setting a local storage variable to reflect the state as logged in so I could check that before making a pointless server call to refresh ...
test-img

Klh

Axios withCredentials customize which http cookie to send

Suppose on server side you set 2 httpOnly cookies (accesstoken & refreshtoken) you want to pass accesstoken to all of the frontend requests but only pass refreshtoken to /RefreshToken endpoint. I ...
test-img

Phil15

node.js

cookies

axios

cookie-httponly

Votes: 0

Answers: 1

Latest Answer

That isn't how httpOnly cookies work. You don't get to access them or decide which gets sent from the browser. It seems like your server-side code for the /RefreshToken route can easily just ignore t...
test-img

jfriend00

How i verify token, that was stored in cookie httpOnly on browser?

i use express in back end and this is my token was stored in browser My question is "how i verify or get the value as "access_token" name was stored in cookie httpOnly to my expressjs ...
test-img

HTL

token

verify

cookie-httponly

Votes: 0

Answers: 1

Latest Answer

Express has a package called cookie-parser on npm you can install it using npm install --save cookie-parser. Then initialize it like this const cookieParser = require("cookie-parser"); cons...
test-img

raizo

Http only cookie user authentication after session expires

Stack: frontend = Vue backend = Strapi (node based cms) + postgresql I have build a authentication mechanism that uses http only cookies. The user logs in, then a http only cookie is send to the use...
test-img

Sjihtam

node.js

authentication

strapi

httponly

cookie-httponly

Votes: 0

Answers: 1

Latest Answer

I have a similar setup. As you mentioned it's not possible for JavaScript to access the http cookie, and having a timer run for the period of cookie expiry is not very desirable. What I do is to do no...
test-img

Choo

Posts

Questions

Blogs

Jobs