How to set HttpOnly flag In Node.js ,Express.js application?

问题

Hi I have a project in node.js and I want to set the HttpOnly flag: true for header response.

I have written the following code in app.js but it make no effect in response header .

app.use(session({
 secret: "notagoodsecretnoreallydontusethisone",
 resave: false,
 saveUninitialized: true,
 cookie: {httpOnly: true, secure: true}
}));

So any suggestion for setting HttpOnly Flag in express.js is most welcome.

回答1:

I think you could try this!

app.use(session({
   cookieName: 'sessionName',
   secret: "notagoodsecretnoreallydontusethisone",
   resave: false,
   saveUninitialized: true,
   httpOnly: true,  // dont let browser javascript access cookie ever
   secure: true, // only use cookie over https
   ephemeral: true // delete this cookie while browser close
}));

来源：https://stackoverflow.com/questions/33872956/how-to-set-httponly-flag-in-node-js-express-js-application

标签

javascript

node.js

express

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!