cookies

问题 I am building authentication for my application and I am using access and refresh tokens. Upon user login, the API issues 3 things refresh token access token string with headers and payload access token string with signature These tokens are all jwt tokens. This article discusses why access tokens should be split. using express, I send the tokens back to the browser in my controller like so: res.cookie( ACCESS_TOKEN_COOKIE_HEADER_PAYLOAD, headerAndPayload, COOKIE_OPTIONS, ) res.cookie( ACCESS

问题 I am building authentication for my application and I am using access and refresh tokens. Upon user login, the API issues 3 things refresh token access token string with headers and payload access token string with signature These tokens are all jwt tokens. This article discusses why access tokens should be split. using express, I send the tokens back to the browser in my controller like so: res.cookie( ACCESS_TOKEN_COOKIE_HEADER_PAYLOAD, headerAndPayload, COOKIE_OPTIONS, ) res.cookie( ACCESS

问题 How to read the cookie on the client side (react) that was set via Passport on the Server side (node-express)? The cookie is setup correctly and can be serialized and deserialized on the server side as shown in the below code: passport.serializeUser(function(user, done) { done(null, user.id); }); passport.deserializeUser(function(id, done) { User.findById(id, function(err, user) { done(err, user); }); }); How can I read this cookie on the client side (React)? I don't have much experience with

问题 How to read the cookie on the client side (react) that was set via Passport on the Server side (node-express)? The cookie is setup correctly and can be serialized and deserialized on the server side as shown in the below code: passport.serializeUser(function(user, done) { done(null, user.id); }); passport.deserializeUser(function(id, done) { User.findById(id, function(err, user) { done(err, user); }); }); How can I read this cookie on the client side (React)? I don't have much experience with

问题 i'm using blazor server ( not use webapi, httpclient and ...) and i want to use jwt for authentication Where should I store token? localStorage or cookie? how to send jwt to server all of the request? I had to use AuthenticationStateProvider? I used httpContext but I got an error unless it fit into the cshtml file I also used localstorage inside AuthenticationStateProvider but just got an error also , which one is better? blazor server (one project) or blazor server with webapi?(two project,

问题 This question already has answers here : Adding Same-site; Secure to Cookies in Classic ASP (2 answers) Closed 8 days ago . We're using Classic ASP to construct our cookies via Response.Cookies( " CookieName " ). How would we go about setting "SameSite" to none? 回答1: Try this (you need the URLRewrite module installed). You also need to be using the https protocol ( SameSite only works if Secure is also included, and you can't include Secure without using the https protocol). HttpOnly should

问题 I have an aspnet core web site, with cookie authentication. When I logoff, and then, when I click in the back button of the browser, I navigate to the last web page, and I don´t want that, I wan´t the user to be redirect to the login page to be authenticate again. My startup.cs public void ConfigureServices(IServiceCollection services) { .... services.AddIdentity<ApplicationUser, ApplicationRole>( config => { config.User.RequireUniqueEmail = true; config.SignIn.RequireConfirmedEmail = true;

问题 I'm using both a front-end and a back-end application on a different domain with a session-based authorization. I have setup a working CORS configuration, which works as expected on localhost (e.g. from port :9000 to port :8080 ). As soon as I deploy the applications on secure domains (both domains only allow HTTPS), the CSRF cookie is not accessible anymore within JavaScript, leading to an incorrect follow-up request of the front-end (missing the CSRF header). The cookie is set by the back

问题 I'm trying to figure out why Chrome (26.0.1410.64) and IE10 don't seem to recognize the cookie I set in my response from an ASP.NET Web API controller. Here is the situation: I have a drop-down menu login form on my page that makes an ajax call to my Web API method (via HTTP POST) and that Web API method returns some JSON data and also sets a cookie in the response (using the HTTP headers). It works perfectly in Firefox and Safari (so, WebKit) but not in Chrome or IE. Chrome and IE appear to

问题 I've gotten pretty far with express and express-session and express-sql-session. I've got it creating a row in the database for a session when a user logs in. This is how I set it: //login route handler this.bcrypt.compare(password, row.hashed, function(err, passwordsMatch) { if (passwordsMatch === true) { console.log("user now logged in"); req.session.user = row; req.session.success = 'User successfully logged in'; res.send(row); res.end(); } }); Hunky dory! I can hop into my session table