Cookie Settings Storage Method
I’ve got a web app that needs to store some non-sensitive preferences for the user. Right now I’m storing their language preference and what mode they want a window opened in by default in two cookies:
Understanding HTTP Cookies in Indy 10 for Delphi XE2
I have been working with Indy 10 HTTP Servers / Clients lately in Delphi XE2, and I need to make sure I’m understanding session management correctly. In the server, I have a “bucket” of sessions, which is a list of objects which each represent a unique session. I don’t use username and password to authenticate users, but I rather use a unique API key which is issued to a client, and has an expiration.
Should F12’s request headers show session id as cookie?
I’m trying to educate myself on potential web attacks. I just found a site (which will remain anonymous) where it shows me what looks to be like the PHP session id inside the cookies section of the request header.
My immediate reaction was “wow, that’s bad”… but then I couldn’t really come up with a scenario as to how someone could use this to mess up the site.
But maybe it’s because I’m a newbie to this stuff.
But assuming that I got someone else’s session id… I’d have to hack the site with their session id before it expires right?
Is path in Set-Cookie URL encoded?
I’m writing some code that sets cookies and I’m wondering about the exact semantics of the Set-Cookie header. Imagine the following HTTP header line:
Why do browsers treat requests in an iframe as cross-site requests as it relates to cookies, but same-site for the request itself?
If I run an application containing an iframe on 127.0.0.1:5500
Controlling cookies with many tabs
I have a peculiar problem. My application has different levels of authentication. One specific level of user (super user) needs to be able to use the application as another user (subordinate user) that has lower privileges.
Edge Case For Cookie Based Token Management
I have a React frontend and a Nodejs backend that uses authentication via an OIDC service provider. After a user goes through the SSO authentication flow I store the token (containing a refresh token with a 5 hr expiration) in an HTTPOnly cookie with a similar expiration time. I also store a JWT token (1 hr expiration) in a cookie that’s generated by my backend so that I don’t have to keep sending the OIDC token to the service provider on every request. On every request I verify the JWT token. If the JWT token has expired I use the OIDC refresh token to refresh the OIDC token (new access token, new id token, new refresh token) and generate a new JWT token. My web server is configured such that if the cookie containing the OIDC token is missing, it will redirect to /api/login which will start a new SSO authentication flow.
Cookies.set not created
I want to create a button that saves page data in a cookie. I do a spread (newFav) of my useState fav, then I stringify the data in a constant that I push in my newFav array, and I place the newFav array in my useState fav. I do a check that fav.length > 0, then I do a cookies.set, but it doesn’t create: could you tell me where my error is, please? I’m tearing my hair out!
cookie retrieval issue in production
I deployed my backend using DigitalOcean, and frontend using Vercel, utilizing socket.io. I’m not sure if this information is relevant. After the login process, I send a token to the user, which I store using res.cookie. Later, within the app, I use react-cookie to handle these credentials. However, during the deployment process, everything works correctly, but at the production level, the app doesn’t function as expected. Although the cookie is being set in the browser, I’m unable to retrieve it and perform operations with it.