Reputation: 33
I have a Single Page Application built with React and ASP.NET Core 2.1 WebAPI on the backend. I am switching from storing Auth0 tokens in localStorage to storing them in HttpOnly cookies and have trouble accessing the Auth0 token stored in an HttpOnly cookie (set by the client/browser) on the server.
I am storing my Auth0 token in a cookie and I send it to the server for validation. I am able to access the Auth0 token when the HttpOnly flag is false, but when it is set to true, I am unable to access the token. I tried implementing a middleware to check the same and found that the token isn't visible when HttpOnly is true.
Upvotes: 0
Views: 512
Reputation: 33
So, after some research I just realized that HttpOnly cannot be set by JavaScript and it has to be set only on the server side.
Upvotes: 1
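One way to set the cookie from the server, as an added example that is not part of the original posts: the SPA sends the token once in an `Authorization` header, the API validates it and returns it in an HttpOnly cookie, and the JWT bearer handler then reads the token from that cookie on later requests. The cookie name, the `api/session` route, the class names and the Auth0 tenant and audience values are assumptions or placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;

public static class CookieTokenAuth
{
    public const string CookieName = "access_token"; // assumed cookie name

    // Call from Startup.ConfigureServices; Configure must call app.UseAuthentication().
    public static void AddCookieTokenAuth(this IServiceCollection services) =>
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                options.Authority = "https://YOUR_TENANT.auth0.com/"; // placeholder
                options.Audience = "YOUR_API_IDENTIFIER";             // placeholder
                options.Events = new JwtBearerEvents
                {
                    // With no Authorization header, take the token from the cookie.
                    OnMessageReceived = ctx =>
                    {
                        if (!ctx.Request.Headers.ContainsKey("Authorization")
                            && ctx.Request.Cookies.TryGetValue(CookieName, out var token))
                            ctx.Token = token;
                        return Task.CompletedTask;
                    }
                };
            });
}

[ApiController, Route("api/session")] // assumed route
public class SessionController : ControllerBase
{
    // [Authorize] means the bearer token was validated before this action runs.
    [Authorize, HttpPost]
    public IActionResult Create()
    {
        var header = Request.Headers["Authorization"].ToString();
        if (!header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            return BadRequest();
        // The Set-Cookie response header carries HttpOnly; document.cookie cannot.
        Response.Cookies.Append(CookieName(), header.Substring(7).Trim(),
            new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict });
        return NoContent();
    }
    private static string CookieName() => CookieTokenAuth.CookieName;
}
```

Because the browser now attaches the token automatically, state-changing endpoints need CSRF protection; `SameSite=Strict` covers same-site deployments, and an anti-forgery token is the usual addition when the SPA and API are on different sites.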