nuxt-ssr-firebase-auth
HttpOnly cookie
I used a lot of this repo to do SSR auth on my side; especially the req thing was very useful.
I am a little confused about the HttpOnly flag, protecting against XSS... you are not using it here, but it is also referenced on Firebase Auth.
Am I wrong here, or should we use something else to "protect" the cookie?
I tried to do something like this but it's not working:
auth.addAuthTokenListener(function (idToken) {
  document.cookie = '__session=' + idToken + ';max-age=' + (idToken ? 604800 : 0) + ';HttpOnly'
})
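Browsers honour `HttpOnly` only when it arrives in a `Set-Cookie` response header and ignore it in a `document.cookie` assignment, so the cookie has to be issued by the server. The following is an added example, not part of the original issue or of this repository's code: `handleSession`, the endpoint it would serve, and the caller-supplied `verifyIdToken` callback are assumptions, while the cookie name and max-age are taken from the snippet above.

```javascript
const SESSION_COOKIE = '__session'; // cookie name used in the issue
const MAX_AGE_SECONDS = 604800;     // 7 days, the max-age used in the issue

// Build the Set-Cookie header value. An empty token expires the cookie (sign-out).
function buildSessionCookie(idToken) {
  return [
    `${SESSION_COOKIE}=${idToken ? encodeURIComponent(idToken) : ''}`,
    `Max-Age=${idToken ? MAX_AGE_SECONDS : 0}`,
    'Path=/',
    'HttpOnly',      // hides the cookie from document.cookie and page scripts
    'Secure',        // only sent over HTTPS
    'SameSite=Lax',  // not attached to cross-site subrequests
  ].join('; ');
}

// Read the session token from an incoming Cookie header during SSR.
function readSessionCookie(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1 || part.slice(0, eq).trim() !== SESSION_COOKIE) continue;
    try {
      return decodeURIComponent(part.slice(eq + 1).trim()) || null;
    } catch (err) {
      return null;   // malformed percent-encoding: treat as signed out
    }
  }
  return null;
}

// Handler body for a hypothetical POST endpoint that the client calls with the
// ID token it gets from the auth token listener. `verifyIdToken` is an assumed
// async callback that rejects when the token is not valid.
async function handleSession(body, res, verifyIdToken) {
  try {
    if (body.idToken) await verifyIdToken(body.idToken);
    res.setHeader('Set-Cookie', buildSessionCookie(body.idToken));
    res.statusCode = 204;
  } catch (err) {
    res.setHeader('Set-Cookie', buildSessionCookie('')); // clear on failure
    res.statusCode = 401;
  }
  res.end();
  return res.statusCode;
}
```

On the client, the token listener would then send `idToken` to that endpoint instead of writing `document.cookie`; the server-rendered pages read the token from `req.headers.cookie` with `readSessionCookie`.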