35,137 questions
0
votes
0
answers
14
views
Cookie not transferred after redirect in OAuth2 implementation (works in Chrome, fails in other browsers)
I have an application with my Express server hosted on Render and my React frontend hosted on Vercel. I'm implementing OAuth2 with Google and setting the access token into the oauth_token cookie after ...
-1
votes
0
answers
19
views
How to share login session between subdomains (app/quiz/solver.localtest.me) in Next.js + Node.js
I'm Prashant
Working on a decoupled architecture project next.js front end & node.js back end.
So now in the localhost the main domain is localtest.me:3443, forwarded from localhost:3000 to ...
0
votes
1
answer
53
views
Get cookies from Chrome while it's instance is running on Windows in python
I tried the libraries like browser_cookie and browser_cookie3 and both fail. Browser Cookie3 does not work for the modern chrome and even though browser_cookie DOES after I tweak it's source code a ...
1
vote
2
answers
87
views
Laravel Sanctum SPA Auth: 419 (unknown status) Token mismatch error
Problem
I am struggling with annoying 419 error trying to logout. The login and register are working fine. My api and spa are on the same top-level domain, but different ports
api - localhost:8000
spa ...
- 123
Advice
0
votes
1
replies
165
views
How to authenticate WebSocket connection when access_token is stored in HttpOnly cookies? (Spring Cloud Gateway + STOMP)
I’m building a WebSocket-based microservice architecture using Spring Cloud Gateway and STOMP WebSockets.
Users log in through the frontend, and the backend sets:
access_token (HttpOnly, Secure, ...
- 11
1
vote
1
answer
52
views
WildFly Undertow UT000173: Invalid control character [250] in cookie - persists
I'm experiencing a persistent cookie corruption issue with my Java EE web application deployed on WildFly 37.0.1.Final. The error appears immediately when accessing the application URL, even after ...
- 21
-1
votes
1
answer
36
views
Extending Cookie Expiry in nginx
I am using nginx as a proxy between a front end and an API.
When the API returns a token, nginx sets it as a cookie.
The cookie will either have an expiry of 30 minutes, or 14 days if the user ticked '...
- 806
0
votes
1
answer
73
views
How to send cookies from server to client during SSR (Angular 20)
I am using HttpOnly Cookies for JWT authentication in my Angular v20 app. I have SSR enabled.
During Login, the cookies are sent to the client. I have an HttpInterceptor that seems to work to forward ...
- 109
0
votes
0
answers
45
views
Cross-Domain Cookies for Subdomains
We have a backend which is running at https://api.example.com. And we have two different client apps which are served from https://client.example.com and https://admin.example.com. Both of these apps ...
- 17.7k
0
votes
2
answers
123
views
My authentication setup requires a setTimeout before redirect to allow cookies to write in the browser
Authentication flow:
User is redirected back to my site (to /auth/callback) after logging in with a 3rd party. The redirect back includes query params. The React function on the callback page sends ...
- 7
0
votes
1
answer
64
views
How do I configure ABP as an OIDC provider if it is hidden behind Traefik?
I am trying to use an ABP application as an identity provider using OIDC. When I run the ABP app and my main service app on VS, I have no issues. I can redirect to ABP on trying to access the main ...
- 275
0
votes
0
answers
69
views
Set HttpContext Response Cookie in Blazor without API
Issue with Auth princliples not being able to write to response in blazor app through an injected service
LoginModal:
@using Microsoft.AspNetCore.Components.Authorization
@using MtgDeckBuilderServices
...
Best practices
0
votes
0
replies
29
views
How do I develop on localhost when using cookie authentication?
I have a trivial situation. The app is written in React with custom SSR. I need to integrate cookie authentication. But how can I test this if the cookies are only set on the real domain?
- 125
Advice
0
votes
0
replies
58
views
Can Cloudflare be bypassed from unrendered browsers using basic techniques like setting proper headers or cookies?
I’m building a Scrapy-based crawler and facing Cloudflare protection on some sites.
Here’s my current setup:
I have a separate API service that can bypass Cloudflare by simulating a real browser (e.g....
0
votes
0
answers
186
views
Next.js 16 Partial Prerendering (PPR) + Cache Components: Why is my dynamic segment not streaming after first request?
I'm experimenting with Next.js 16's new Cache Components and Partial Prerendering (PPR) to build a product page that:
Serves a static shell instantly (HTML for layout, header, footer)
Streams the ...
