The place where tokens are stored in Web apps are httpOnly cookies, which are sent to the backend automatically along with each request, but aren't accessible by JavaScript.
In the case of a Flutter app and nor a traditional Web app JavaScript is replaced by Dart.
The whole point of having cookies (especially if httpOnly) is that you don't need to access them on the frontend, as they're automatically sent to the backend as I showed in the post.
The only stuff you should be worrying about accessing in the frontend is the stuff you want to put in localStorage.
Also, the cookies are saved automatically in the document.cookie just like they would if you were writing regular JS.
Unless they're httpOnly: in that case the frontend can never access them so they can be accessed only by the backend when you send a request.
@chitgoks
and @jsonpoindexter
I've noticed that. Google's HTTP library seems to not retain cookies sometimes. Switching to the dio http library should fix it in my experience, and Dio's API is very close to Google's. I'm sorry for the late response but I've not been loggin in to dev.to often lately.
Thank you for taking the time to respond @carminezacc
! What ended up working for me was setting the withCredentials parameter for the BrowserClient to true (it is defaulted to false). After that, my browser did all the cookie management! github.com/dart-lang/http/blob/20e...
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
As I said in the post:
In the case of a Flutter app and nor a traditional Web app JavaScript is replaced by Dart.
The whole point of having cookies (especially if
httpOnly
) is that you don't need to access them on the frontend, as they're automatically sent to the backend as I showed in the post.The only stuff you should be worrying about accessing in the frontend is the stuff you want to put in
localStorage
.Hope this helps.
so you mean that if its an app, the cookie should be saved. but if it is web, the cookie is automatically included?
since browser automatically keeps cookies?
Yes, exactly.
Also, the cookies are saved automatically in the
document.cookie
just like they would if you were writing regular JS.Unless they're
httpOnly
: in that case the frontend can never access them so they can be accessed only by the backend when you send a request.cool. ill check.
i can understand that but somehow its weird that the response header doesnt show the cookie after login.
hi carmine. it seems that the problem is req.cookies returns null in the backend when flutter web sends a request to the backend.
also set httpOnly to false so i could see document.cookie contents but nothing is saved to the browser. weird.
I am also having the same issue. I can see the Set-Cookie header in the login response but the cookie is not actually being set
@chitgoks and @jsonpoindexter I've noticed that. Google's HTTP library seems to not retain cookies sometimes. Switching to the dio http library should fix it in my experience, and Dio's API is very close to Google's. I'm sorry for the late response but I've not been loggin in to dev.to often lately.
Thank you for taking the time to respond @carminezacc ! What ended up working for me was setting the
withCredentials
parameter for the BrowserClient totrue
(it is defaulted tofalse
). After that, my browser did all the cookie management!github.com/dart-lang/http/blob/20e...