node.jscookiesaxioscookie-httponly

Axios withCredentials customize which http cookie to send


Suppose on server side you set 2 httpOnly cookies (accesstoken & refreshtoken) you want to pass accesstoken to all of the frontend requests but only pass refreshtoken to /RefreshToken endpoint.

I can see in axios withCredential: true flag allows for all httponly cookies to be passed to server, but is there a way to customize this to a specific cookie ?


Solution

  • That isn't how httpOnly cookies work. You don't get to access them or decide which gets sent from the browser.

    It seems like your server-side code for the /RefreshToken route can easily just ignore the accessToken cookie and only pay attention to the refreshToken cookie. That's entirely up to your server code so you can just code it accordingly.

    but is there a way to customize this to a specific cookie ?

    No, not for httpOnly cookies. They are httpOnly for a reason - the client can't mess with them in any way.