I just wonder what is actually accessible by document.cookie?
Secondly would be the implementation. I am interested in all processes from highly-accessible sign-in, to protecting the API endpoint, and the server knows requesters' credentials (for attaching userId in database queries). I currently use Firebase / firebase-admin for these reasons, but I have trouble implementing storing token in cookies. I fear that it might be backend dependent... I will consider your product.
Hi Pacharapol!
Cookies that are marked httpOnly are not accessible from document.cookie; otherwise, you can access the cookie from document.cookie. (source)
With our JS SDK (from yarn add cotter), we actually handle storing the access token in memory and the refresh token in the cookie for you. In short, you can just call:
cotter.tokenHandler.getAccessToken()
and it will:
- grab the access token from memory if not expired, or
- automatically refresh the access token by calling Cotter's refresh token endpoint (where the cookie is included) and return a new access token to you.
If you're interested, shoot me a message on Slack and I can help you with any questions. You can find our documentation here.
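The pattern described in the reply above (access token held in memory, refresh token in a cookie, assumed here to be HttpOnly), as an added example that is not part of the original comments and is not Cotter's SDK code. `createTokenHandler`, the refresh URL, the `{ access_token, expires_in }` response shape and the fake server are all assumptions made for illustration.

```javascript
// Added example: every name here is hypothetical (createTokenHandler, the
// refresh URL, the { access_token, expires_in } response). Not Cotter's SDK.
function createTokenHandler({ refreshUrl, fetchImpl = fetch, now = Date.now, skewMs = 30000 }) {
  let accessToken = null; // lives only in this closure, never in storage or document.cookie
  let expiresAt = 0;      // epoch ms after which the token counts as expired
  let inFlight = null;    // shared promise so concurrent callers trigger one refresh

  async function refresh() {
    // credentials: "include" makes the browser attach the HttpOnly refresh cookie.
    // Script never reads that cookie; it only sees the JSON response.
    const res = await fetchImpl(refreshUrl, { method: "POST", credentials: "include" });
    if (!res.ok) {
      accessToken = null;
      expiresAt = 0;
      throw new Error(`refresh failed with status ${res.status}`);
    }
    const body = await res.json();
    accessToken = body.access_token;
    expiresAt = now() + body.expires_in * 1000;
    return accessToken;
  }

  return {
    async getAccessToken() {
      // Serve from memory while the token is valid, minus a skew for clock drift.
      if (accessToken && now() < expiresAt - skewMs) return accessToken;
      if (!inFlight) inFlight = refresh().finally(() => { inFlight = null; });
      return inFlight;
    },
    clear() { accessToken = null; expiresAt = 0; }, // call on sign-out
  };
}

// Constructed stand-in for the refresh endpoint so the example runs offline.
function makeFakeServer() {
  let calls = 0;
  const fetchImpl = async (url, init) => {
    calls += 1;
    // Without credentials the cookie is not sent, so the server refuses.
    if (init.credentials !== "include") return { ok: false, status: 401, json: async () => ({}) };
    return { ok: true, status: 200, json: async () => ({ access_token: `token-${calls}`, expires_in: 60 }) };
  };
  return { fetchImpl, callCount: () => calls };
}
```

Because the access token exists only in the closure, a page reload loses it and the first `getAccessToken()` call after the reload goes through the cookie-backed refresh path.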