W
W
WizardW2019-07-02 22:06:24
Sessions
WizardW, 2019-07-02 22:06:24

Why doesn't express-session see httpOnly: false in config?

Why doesn't express-session see httpOnly=false and store the session with httpOnly= true so that any cookie from the browser via js is not retrieved?
Session config:

app.use(
  session({
    secret: process.env.SECRET_KEY,
    resave: false,
    httpOnly: false,
    saveUninitialized: false,
    store: new MongoStore({ url: process.env.DB_CONNECTION })
  })
);

Answer the question

In order to leave comments, you need to log in

1 answer(s)
�
ⓒⓢⓢ, 2019-07-02
@WizardW

and so?

app.use(
  session({
    secret: process.env.SECRET_KEY,
    resave: false,
    cookie: { httpOnly: false },
    saveUninitialized: false,
    store: new MongoStore({ url: process.env.DB_CONNECTION })
  })
);

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question