can't access httponly cookie from react js but can access in postman app! how is it possible?

reactjs cookies httponly
Mohsen Mohebbi picture Mohsen Mohebbi · Aug 23, 2019 · Viewed 8.6k times · Source

I send a request to server to login and get cookie with token value with HTTP only tag after this action I can not access cookie value in my react app but I tested it in the postman app and i can see cookie in this app if I can see it in the postman app so I can see it in my app! what is different between them? Is There A Way To get HTTP only cookie in react app? result from request response from server in postman

Answer

Luis Sieira picture Luis Sieira · Dec 22, 2019

That is exactly the purpose of HttpOnly cookies.

The server sends the cookie along with the response, the browser stores it and sends it along with any request to the domain of this cookie. But the browser will prevent any code running on it to access it.

Why ?, this creates a secured way to store sensible information, such as authentication tokens, preventing any injected code in your page to access it.

https://www.owasp.org/index.php/HttpOnly

Related questions

Get cookie with react

I need to know if my user is connected or not. For that I want to read the cookies that I set in the server side with express-session : app.post('/connect_user', (req, res) => { req.session.cookie.username = …

Read More
React frontend and REST API, CSRF

Using React on the frontend with a RESTful API as backend and authorisation by JWT, how do we handle sessions? For example after login, I get a JWT token from REST. If I save it to localStorage I am vulnerable …

Read More
React: Delete cookie when user closes the browser

I'm using the library react-cookie (https://www.npmjs.com/package/react-cookie) and I want to delete the user cookies when the browser or tab is closed. I used ComponentWillUnmount in my Approuter, but that doesn't work when the browser is …

Read More