Why browser is not setting the cookie sent from my node js backend?

Time:05-06

I'm trying to set a cookie from the backend server running at "api.mydomain.com" like this, for the frontend running at "mydomain.com".

res.cookie('auth', token, {
  domain: 'mydomain.com',
  httpOnly: true,
  signed: true,
  secure: true,
  sameSite: 'none',
});
res.json({
  // response object
});

In the response header of the request, the "Set-Cookie" header is visible, but when I am checking the cookie storage for the frontend running on "mydomain.com" I cannot find the cookie.

Set-Cookie: auth=<...>; Domain=mydomain.com; Path=/; HttpOnly; Secure; SameSite=None

My backend server is running Node.js and the frontend is in React.

CodePudding user response:

Well, you are getting this result since you have the httpOnly flag set to true, and this is usually good for enhancing security.

HTTP-only cookies are not available to JavaScript code; the browser will send them automatically to the server without making them available to the JavaScript code.

CodePudding user response:

You should make httpOnly: false. The HttpOnly flag is used to prevent the cookie from being accessible from JavaScript (but it can still be accessed via HTTP requests). So you can store sensitive information securely that won't be compromised via XSS.

res.cookie('auth', token, {
  domain: 'mydomain.com',
  httpOnly: false,
  signed: true,
  secure: true,
  sameSite: 'none',
});
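As an added illustration (not code from the question or either answer), the following Node.js snippet models the browser-side decisions that apply to the exact Set-Cookie header shown in the question: whether a cookie set by api.mydomain.com with Domain=mydomain.com is accepted, whether SameSite=None is allowed without Secure, and whether front-end JavaScript on mydomain.com can read it. The matching rules follow RFC 6265 in simplified form; it is a teaching model of a cookie jar, not a real one, and it does not model whether the fetch was sent with credentials.

```javascript
// Constructed example: a simplified model of how a browser treats a Set-Cookie
// header. Not a real cookie jar; assumes RFC 6265 domain matching only.

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1) };
  for (const attr of attrs) {
    // Flag attributes (HttpOnly, Secure) have no value; store them as true.
    const [k, v = true] = attr.split('=');
    cookie[k.toLowerCase()] = v === true ? true : v.toLowerCase();
  }
  return cookie;
}

// RFC 6265 section 5.1.3: host equals the domain or ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// requestHost: host that sent the Set-Cookie (e.g. api.mydomain.com).
// pageHost: host of the page whose document.cookie we are asking about.
function evaluateCookie(header, { requestHost, pageHost }) {
  const c = parseSetCookie(header);
  const result = { stored: false, readableByJs: false, reason: '' };
  const domain = (c.domain || requestHost).replace(/^\./, '');
  if (c.domain && !domainMatches(requestHost, domain)) {
    result.reason = 'Domain does not cover the responding host; rejected';
    return result;
  }
  if (c.samesite === 'none' && !c.secure) {
    result.reason = 'SameSite=None without Secure; rejected';
    return result;
  }
  result.stored = true;
  // document.cookie on pageHost shows only matching, non-HttpOnly cookies.
  result.readableByJs = domainMatches(pageHost, domain) && !c.httponly;
  result.reason = c.httponly
    ? 'stored (visible in DevTools), but HttpOnly hides it from document.cookie'
    : 'stored and visible to document.cookie';
  return result;
}

// The header from the question, with a constructed token value.
const HEADER = 'auth=abc123; Domain=mydomain.com; Path=/; HttpOnly; Secure; SameSite=None';
const ORIGINS = { requestHost: 'api.mydomain.com', pageHost: 'mydomain.com' };

module.exports = { parseSetCookie, domainMatches, evaluateCookie, HEADER, ORIGINS };
```

Running `evaluateCookie(HEADER, ORIGINS)` reports the cookie as stored but not readable by JavaScript, which is why it is sent on later requests yet never appears in `document.cookie`; dropping `Secure` makes the model reject it outright.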