I have a JWT token that I'd like to store in a cookie. The cookie needs to have at least the HttpOnly flag set, but I would also want to set the Secure flag to true.

From the Angular docs I know I can store my token in cookies like this:

// using 'ngCookies'

createToken(jwt_token) {
    $cookies.put('jwt', jwt_token);
},
retrieveToken() {
    return $cookies.get('jwt');
}

But it's not clear how I can specify the HttpOnly and Secure flags. The docs say it has an options field for put() and get(), but then it mentions $cookiesProvider. I'm not sure how that fits in, or where it should be declared, or if it needs to be set every time I do a put() or get()?

So would it be something like:

createToken(jwt_token) {
    $cookiesProvider['domain'] = 'www.mydomain';
    $cookiesProvider['secure'] = true;
    $cookies.put('jwt', jwt_token);
},
retrieveToken() {
    $cookiesProvider['domain'] = 'www.mydomain';
    $cookiesProvider['secure'] = true;
    return $cookies.get('jwt');
}

Or is that completely wrong? I didn't see any HttpOnly flag either, but I do see domain which I set to www.mydomain. Is that equivalent to HttpOnly = true?

asked May 10, 2015 at 19:27 by rublex
  • Possible duplicate of Set a cookie to HttpOnly via Javascript – Ayoub Kaanich, Nov 20, 2016 at 11:23

1 Answer

You can't do this using ngCookies. An HttpOnly cookie can't be created from JavaScript; the alternative, however, is to make an AJAX query to the server that will add a Set-Cookie HTTP response.

Related: Set a cookie to HttpOnly via Javascript
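
The approach the answer describes, as an added example that is not part of the original answer: a login handler, written against the `(req, res)` shape of Node's `http` module, that returns the JWT in a `Set-Cookie` header with `HttpOnly` and `Secure` set. The function names, the `authenticate` callback and the sample values are assumptions for illustration.

```javascript
// Added example; all names here are hypothetical.
// Build the Set-Cookie value. HttpOnly can only be set this way, in an HTTP response.
function buildJwtCookie(token, opts = {}) {
  // A JWT is base64url segments joined by dots. Rejecting anything else stops a
  // crafted value from smuggling extra attributes (e.g. "; Domain=...") into the header.
  if (!/^[A-Za-z0-9\-_.]+$/.test(token)) {
    throw new Error('token contains characters not valid in a JWT');
  }
  const parts = [`jwt=${token}`, `Path=${opts.path || '/'}`];
  if (opts.maxAgeSeconds !== undefined) {
    parts.push(`Max-Age=${Math.floor(opts.maxAgeSeconds)}`);
  }
  if (opts.domain) parts.push(`Domain=${opts.domain}`); // scoping only, not a security flag
  parts.push('HttpOnly');                               // hidden from document.cookie / $cookies
  parts.push('Secure');                                 // sent over HTTPS only
  parts.push(`SameSite=${opts.sameSite || 'Strict'}`);
  return parts.join('; ');
}

// Login handler; usable as http.createServer((req, res) => handleLogin(req, res, auth)).
// `authenticate` stands in for credential checking plus JWT signing (assumption).
function handleLogin(req, res, authenticate) {
  const token = authenticate(req);
  if (!token) {
    res.statusCode = 401;
    res.end('invalid credentials');
    return;
  }
  res.statusCode = 204;
  res.setHeader('Set-Cookie', buildJwtCookie(token, { maxAgeSeconds: 3600 }));
  res.setHeader('Cache-Control', 'no-store'); // keep the response out of caches
  res.end();
}

// Model of what page script can read afterwards: browsers leave HttpOnly
// cookies out of document.cookie, so only the remaining name=value pairs show up.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h))
    .map((h) => h.split(';')[0])
    .join('; ');
}
```

On the AngularJS side the login becomes an `$http.post` to this endpoint; the browser stores and resends the cookie itself, so `$cookies.get('jwt')` returns `undefined` by design.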

Tags: javascript, How to set httpOnly flag in ngCookies, Stack Overflow