admin管理员组

文章数量:1324799

I have a JWT token that I'd like to store in a cookie. The cookie needs to have at least HttpOnly flag set, but I would also want to set the Secure flag to true.

From the angular docs I know I can store my token in cookies like this:

// using 'ngCookies'

createToken(jwt_token) {
    $cookies.put('jwt', jwt_token);
},
retrieveToken() {
    return $cookies.get('jwt');
}

But it's not clear how I can specify the HttpOnly and Secure flags. The docs say it has an options field for put() and get(), but then it mentions $cookiesProvider. I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put() or get()?

So would it be something like:

createToken(jwt_token) {
    $cookiesProvider['domain'] = 'www.mydomain';
    $cookiesProvider['secure'] = true;
    $cookies.put('jwt', jwt_token);
},
retrieveToken() {
    $cookiesProvider['domain'] = 'www.mydomain';
    $cookiesProvider['secure'] = true;
    return $cookies.get('jwt');
}

Or is that pletely wrong? I didn't see any HttpOnly flag either, but I do see domain which I set to www.mydomain. Is that equivalent to HttpOnly = true?

I have a JWT token that I'd like to store in a cookie. The cookie needs to have at least HttpOnly flag set, but I would also want to set the Secure flag to true.

From the angular docs I know I can store my token in cookies like this:

// using 'ngCookies'

createToken(jwt_token) {
    $cookies.put('jwt', jwt_token);
},
retrieveToken() {
    return $cookies.get('jwt');
}

But it's not clear how I can specify the HttpOnly and Secure flags. The docs say it has an options field for put() and get(), but then it mentions $cookiesProvider. I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put() or get()?

So would it be something like:

createToken(jwt_token) {
    $cookiesProvider['domain'] = 'www.mydomain.';
    $cookiesProvider['secure'] = true;
    $cookies.put('jwt', jwt_token);
},
retrieveToken() {
    $cookiesProvider['domain'] = 'www.mydomain.';
    $cookiesProvider['secure'] = true;
    return $cookies.get('jwt');
}

Or is that pletely wrong? I didn't see any HttpOnly flag either, but I do see domain which I set to www.mydomain.. Is that equivalent to HttpOnly = true?

  • javascript
  • angularjs
  • cookies
  • jwt
  • httponly
Share Improve this question asked May 10, 2015 at 19:27 rublexrublex 1,9236 gold badges28 silver badges47 bronze badges 1
  • Possible duplicate of Set a cookie to HttpOnly via Javascript – Ayoub Kaanich Commented Nov 20, 2016 at 11:23
Add a ment  | 

1 Answer 1

Reset to default 5

You can't do this using ngCookies. A HttpOnly cookie can't be created from JavaScript, the alternative however, is to make an ajax query to the server that will add a Set-Cookie HTTP response.

Related: Set a cookie to HttpOnly via Javascript

本文标签: javascriptHow to set httpOnly flag in ngCookiesStack Overflow

版权声明:本文标题:javascript - How to set httpOnly flag in ngCookies? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1742136987a2422413.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。