How to set HttpOnly flag In Node.js ,Express.js application?
Question
Hi I have a project in node.js and I want to set the HttpOnly flag: true for header response.
I have written the following code in app.js but it make no effect in response header.
app.use(session({
secret: "notagoodsecretnoreallydontusethisone",
resave: false,
saveUninitialized: true,
cookie: {httpOnly: true, secure: true}
}));
So any suggestion for setting HttpOnly Flag in express.js is most welcome.
2 answers
solution1
1 ACCPTED 2016-09-30 13:22:47
I think you could try this!
app.use(session({
cookieName: 'sessionName',
secret: "notagoodsecretnoreallydontusethisone",
resave: false,
saveUninitialized: true,
httpOnly: true, // dont let browser javascript access cookie ever
secure: true, // only use cookie over https
ephemeral: true // delete this cookie while browser close
}));
solution2
0 2022-07-27 14:37:18
This example uses cookie-parser library.
Setting a cookie: res.cookie("cookie_name", token, {})
Pass res.cookie() an options object with httpOnly: true ,
const options = {
expires: duration,
httpOnly: true,
};
Final eg
res.cookie("cookie_name", token, options)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
How to enable debugging express.js/node.js application
Express.js httpOnly cookie not being set
Error installing express.js application Node.js
Find Memory Leak on Node.js / Express.js Application
Set session value in callback (Node.js, express.js)
Node.js: Express.js set keep-alive
Cookie is not set in browser (Node.js + Express.js)
How do sessions work in Express.js with Node.js?
How to develop a multi-tenant application with Node.js (express.js)?
How does Node.js support Express.js?
Related Tags