Axios login question.

Asked 2 years ago, Updated 2 years ago, 143 views

Server a has the membership/login data, and server b is a server that can only use HTML, CSS, and JS.

I have a question about creating a login from server b to server a with axios. I thought a way to do it would be to receive the token as a JWT and save it in a cookie when login succeeds, but when I searched, I found a message saying that this was not a good way to keep it secure.

I think it would be safer if you set something like HttpOnly and Secure, so is there a way to get a cookie with a token if I log in with axios?

axios login cookie

2022-09-21 10:21

1 Answer

"Receive cookies" means that you receive an HTTP response that contains Set-Cookie: foo=bar in the header of the response. So in theory, if you can just process that Set-Cookie response header properly and plug it in as a browser cookie, that's a good thing. (In a typical synchronous response, the browser handles this smartly.)

But in unlucky HTTP communication scenarios (e.g. CORS constraints), such as the situation you asked about, you may not be able to access that information in the response header. Given that you have an "a-server" and a "b-server," you are likely to be caught by the same-origin policy.

If it were me, I would just send the JWT in the body of the response. Then it won't be a problem to get it, write it to cookies, local storage, etc., and use it from time to time. As for httponly and secure (I hope you don't misunderstand), in fact, if the authentication token itself is strong enough, they don't matter.

Both of them should be done well on the authentication server side.

Fighting!


2022-09-21 10:21
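
Added example, not part of the original question or answer: a sketch of the cookie route the question asks about, where server a sets the JWT as an HttpOnly cookie on a cross-origin axios login. The origins `https://a.example` and `https://b.example`, the `/login` path, the cookie name `token` and the 900-second lifetime are assumptions.

```javascript
// Added example; origins, path, cookie name and lifetime are assumptions.
const ALLOWED_ORIGINS = new Set(["https://b.example"]); // hypothetical origin of server b

// Server a: CORS headers for the login response and its OPTIONS preflight.
// Returns null for an Origin that is not on the allow-list (send no CORS headers).
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return null;
  return {
    // Credentialed requests need the exact origin; browsers reject "*" here.
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Access-Control-Allow-Methods": "POST, OPTIONS",
    "Access-Control-Allow-Headers": "Content-Type",
    "Vary": "Origin", // keep caches from reusing one origin's response for another
  };
}

// Server a: the session cookie. HttpOnly hides it from document.cookie,
// Secure limits it to HTTPS, SameSite=None allows it on cross-site requests.
function sessionCookie(jwt, maxAgeSeconds = 900) {
  // Accept only compact JWT syntax so the value cannot inject cookie attributes.
  if (!/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(jwt)) {
    throw new Error("not a compact JWT");
  }
  return `token=${jwt}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=None`;
}

// Server a: full header set for a successful login, or null if the origin is refused.
function loginResponseHeaders(origin, jwt) {
  const cors = corsHeaders(origin);
  if (cors === null) return null;
  return { ...cors, "Set-Cookie": sessionCookie(jwt), "Cache-Control": "no-store" };
}

// Page served by server b: `http` is an axios instance supplied by the caller.
// withCredentials tells the browser to store the Set-Cookie and resend it later;
// the script itself never sees the token.
function login(http, username, password) {
  return http.post("https://a.example/login", { username, password }, { withCredentials: true });
}
```

Later axios calls to server a also need `withCredentials: true` for the cookie to be attached. Browsers that block third-party cookies will not store it when a and b are on different sites.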
