Setting the HttpOnly attribute for the NodeJS cookie header

Question

I'm trying to figure out how to set the HttpOnly attribute for the set-cookie header, specifically for native NodeJS.

Right now, I have this code, but it doesn't work because I can still access the cookies with client side javascript.

response.setHeader('Set-Cookie', ['HttpOnly']);

shaochuancs · Accepted Answer · 2017-03-21 02:35:48Z

34

To set cookie, you need to specify cookie name and value, which is missing in your code. That's why it does not work. Example code would be:

response.setHeader('Set-Cookie', 'foo=bar; HttpOnly');

If you want to set multiple cookies, some with HttpOnly, some without. The code would be:

response.setHeader('Set-Cookie', ['foo=bar; HttpOnly', 'x=42; HttpOnly', 'y=88']);

According to Node.js HTTP document, there is no global HttpOnly configuration, which makes sense, as normally you may need some cookie client readable.

edited Mar 21, 2017 at 2:35

answered Mar 21, 2017 at 2:29

shaochuancs

16k3 gold badges61 silver badges66 bronze badges

Oh I see. I misinterpreted the NodeJS documentation, but you cleared it up. Thanks for your help!
– Artur
Commented Mar 21, 2017 at 2:53

Add a comment |

Collectives™ on Stack Overflow

Setting the HttpOnly attribute for the NodeJS cookie header

1 Answer 1

Not the answer you're looking for? Browse other questions tagged
node.js
http
cookies
or ask your own question.

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Not the answer you're looking for? Browse other questions tagged node.jshttpcookies or ask your own question.

Related

Not the answer you're looking for? Browse other questions tagged
node.js
http
cookies
or ask your own question.