It does not allow to configure the cookie with the option httpOnly

Question

It does not allow to configure the cookie with the option httpOnly

EdinsonG opened this issue 9 months ago · comments

When creating the cookie without the httpOnly option, it is created correctly, however, when adding the httpOnly option, I do not create it and it does not return any error

note: I am creating the cookies client side

setCookie(name, value, { secure: true, httpOnly: true });

Andrei Zanouski · Answer 1 · Thu Aug 31 2023 14:36:58 GMT+0800 (China Standard Time)

Hello.
I think you call setCookie on client side.

You need to use this function with req, res
setCookie(name, value, { secure: true, httpOnly: true, req, res });

Joshua Davis · Answer 2 · Thu Oct 12 2023 10:24:52 GMT+0800 (China Standard Time)

req and res are only for server-side, not client-side. Those don't exist on the client.

So, the question again is, how do we do this from the client side?

Etienne BLANC-COQUAND · Answer 3 · Wed Oct 18 2023 05:10:45 GMT+0800 (China Standard Time)

Same problem here, on client side, using this

        const options: OptionsType = {
          httpOnly: true,
          path: '/',
          sameSite: true,
          secure: true,
        };
        setCookie(name, value, { ...options, maxAge: 100 });

The cookie is not created.

If I comment httpOnly: true,, the cookie is created

Grzegorz Dubiel · Answer 4 · Wed Oct 18 2023 05:19:29 GMT+0800 (China Standard Time)

Hello!
As far as I know setting cookie with httponly flag on client side is not possible at all. You can do this only on the server. Here is the topic from stackoverflow.

Andrei Zanouski · Answer 5 · Wed Oct 18 2023 16:47:56 GMT+0800 (China Standard Time)

So, the question again is, how do we do this from the client side?

It's impossible. This is standard behavior for all cookies
You can see stackoverflow link above and this one