Can't access HttpOnly cookie from React JS but can access it in the Postman app! How is it possible?

Mohsen Mohebbi · Aug 23, 2019 · Viewed 8.6k times

I send a request to the server to log in and get a cookie with a token value with the HttpOnly tag. After this action I cannot access the cookie value in my React app, but I tested it in the Postman app and I can see the cookie in this app. If I can see it in the Postman app, then I can see it in my app! What is the difference between them? Is there a way to get an HttpOnly cookie in a React app?

Answer

Luis Sieira · Dec 22, 2019

That is exactly the purpose of HttpOnly cookies.

The server sends the cookie along with the response, the browser stores it and sends it along with any request to the domain of this cookie. But the browser will prevent any code running on it from accessing it.

Why? This creates a secure way to store sensitive information, such as authentication tokens, preventing any injected code in your page from accessing it.

https://www.owasp.org/index.php/HttpOnly
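
Added example (not part of the answer above): a simplified JavaScript model of the behaviour described, showing why a raw HTTP client such as Postman displays the `Set-Cookie` header while page script cannot read the cookie. The `BrowserCookieJar` class, the cookie names and the header values are constructed for illustration and are not a real browser API.

```javascript
// Constructed sample: response headers of a login reply, as a raw HTTP client
// such as Postman displays them. Cookie names and values are made up.
const loginResponseHeaders = [
  ['Set-Cookie', 'token=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
  ['Set-Cookie', 'theme=dark; Path=/'],
];

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: attrs.some((a) => a.toLowerCase() === 'httponly'),
  };
}

// Simplified model of a browser cookie jar for a single origin (hypothetical
// class; ignores Domain, Path, expiry and SameSite matching).
class BrowserCookieJar {
  constructor() { this.cookies = new Map(); }

  // Network layer: the browser stores every cookie the server sets.
  storeFromResponse(headers) {
    for (const [name, value] of headers) {
      if (name.toLowerCase() !== 'set-cookie') continue;
      const c = parseSetCookie(value);
      this.cookies.set(c.name, c);
    }
  }

  // Network layer: every stored cookie goes back out in the Cookie header.
  cookieRequestHeader() {
    return [...this.cookies.values()].map((c) => `${c.name}=${c.value}`).join('; ');
  }

  // Script layer: what document.cookie returns; HttpOnly cookies are hidden.
  documentCookie() {
    return [...this.cookies.values()]
      .filter((c) => !c.httpOnly)
      .map((c) => `${c.name}=${c.value}`).join('; ');
  }
}

const jar = new BrowserCookieJar();
jar.storeFromResponse(loginResponseHeaders);
console.log('script sees:  ', jar.documentCookie());
console.log('request sends:', jar.cookieRequestHeader());
```

In a React app the token is therefore never read by your code; the browser attaches it to requests itself, and for cross-origin API calls that requires `fetch(url, { credentials: 'include' })`.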