Building a Website Builder: Login Process from Form to HTTP Only Cookie

Last week, Egor Ushakov brought up a solid point about my website builder: if I were using an HTTP only cookie, I wouldn’t be able to access my cookie with code on my UI before deciding whether or not to make an API request 💡

I thought I was setting an HTTP only cookie, so this stumped me a bit at first 🤔

Then I realized that using Postman to log in was the issue…well kind of. My ‘/login’ route was setting an HTTP only cookie with the JWT, but it was also returning the access token to the client. I was copying the returned token and pasting it into a regular cookie in the browser. That cookie was accessible with JavaScript on my frontend 🤦🏻‍♀️

So, I had a few options:
👩🏻‍💻 Return the entire cookie from the ‘/login’ route and manually save that in the browser
👩🏻‍💻 Just code a login form and stop being lazy

I decided to go with option 2 and wired it up this weekend 💃🏼

Now, I can log in and log out safely directly from the UI. I even used Egor’s workaround of setting an additional cookie that can be accessed with JavaScript to know whether or not an access token exists before making API requests.
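The cookie pair described above, sketched as an added example (not the code from the website builder itself): the JWT travels only in an HTTP only cookie, and a second script-readable cookie acts as a "session exists" hint. The cookie names `access_token` and `logged_in`, the `Secure`/`SameSite`/`Max-Age` attributes, the helper names and the token value are all assumptions.

```javascript
// Added example. Cookie names, attributes and lifetime are assumptions.
const ONE_HOUR = 60 * 60; // seconds

// Build one Set-Cookie header value.
function serializeCookie(name, value, { httpOnly = false, maxAge = ONE_HOUR } = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, "Path=/", `Max-Age=${maxAge}`,
    "Secure", "SameSite=Strict"];
  if (httpOnly) parts.push("HttpOnly");
  return parts.join("; ");
}

// Server, successful login: the JWT goes only into the HttpOnly cookie.
function loginResponse(jwt) {
  return {
    status: 200,
    headers: { "Set-Cookie": [
      serializeCookie("access_token", jwt, { httpOnly: true }),
      serializeCookie("logged_in", "1"), // readable flag, carries no secret
    ] },
    body: { ok: true }, // the token is not echoed in the response body
  };
}

// Server, logout: expire both cookies together so the flag cannot outlive the token.
function logoutResponse() {
  return {
    status: 204,
    headers: { "Set-Cookie": [
      serializeCookie("access_token", "", { httpOnly: true, maxAge: 0 }),
      serializeCookie("logged_in", "", { maxAge: 0 }),
    ] },
    body: null,
  };
}

// Models what document.cookie would show: HttpOnly and expired cookies are hidden.
function visibleToScript(setCookieHeaders) {
  return setCookieHeaders
    .filter((h) => !/;\s*HttpOnly\b/i.test(h) && !/;\s*Max-Age=0\b/.test(h))
    .map((h) => h.split(";")[0])
    .join("; ");
}

// Client: a UI hint for whether to attempt an API request. The server must
// still validate the HttpOnly token, since any script can set this flag.
function hasSession(cookieString) {
  return cookieString.split(";").some((c) => c.trim() === "logged_in=1");
}
```

In the browser, `hasSession(document.cookie)` is the check to run before calling the API; a 401 from the server should still be handled, because the flag can be stale or forged.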

Thank you for commenting, Egor! I really appreciate the feedback.

What do you think?! 🙋🏻‍♀️

Want to develop your coding skills and network with other developers? Join the Coding with Callie community!

Coding with Callie – https://coding-with-callie.com/
LinkedIn – https://www.linkedin.com/company/coding-with-callie/
