Answer the question
In order to leave comments, you need to log in
Why doesn't express-session see httpOnly: false in config?
Why doesn't express-session see httpOnly=false and store the session with httpOnly= true so that any cookie from the browser via js is not retrieved?
Session config:
app.use(
session({
secret: process.env.SECRET_KEY,
resave: false,
httpOnly: false,
saveUninitialized: false,
store: new MongoStore({ url: process.env.DB_CONNECTION })
})
);
Answer the question
In order to leave comments, you need to log in
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question