How to Authenticate Users Using HttpOnly Session Cookies in the Frontend

Unanswered
Yehanget posted this in #help-forum
How can I read and validate session cookies (such as connect.sid) set by the backend for user login, especially when the cookie is marked as HttpOnly? I want to ensure that the user is logged in by checking whether the connect.sid cookie exists and is valid, but since it's HttpOnly, it can't be accessed directly from the frontend. What is the proper way to validate the user's login status in this case?

2 Replies

Polish
You should be verifying sessions on the backend, not the frontend.

You can create an API that fetches the session from the backend to determine if the user is authenticated in the frontend.
Okay, thanks for the suggestion.
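
The approach from Polish's reply, as an added example that is not part of the thread: the backend looks up the `connect.sid` value in its session store and the frontend only asks an endpoint for the result. The `/api/session` route, the in-memory store, the session ids and the function names are assumptions; the cookie value is used directly as the session id, leaving out the cookie signing and parsing a session middleware does itself.

```javascript
// Added example: constructed session store and cookie values, not from the thread.
const SESSION_COOKIE = 'connect.sid';

// Server-side session store (assumption: in-memory Map keyed by session id).
const sessions = new Map([
  ['abc123', { user: 'alice', expires: Date.now() + 60_000 }],
  ['old999', { user: 'bob', expires: Date.now() - 1_000 }], // already expired
]);

// Parse a raw Cookie request header into a name -> value map (first value wins).
function parseCookies(header) {
  const out = Object.create(null);
  for (const part of (header || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    let value = part.slice(eq + 1).trim();
    try { value = decodeURIComponent(value); } catch { /* keep raw value */ }
    if (name && !(name in out)) out[name] = value;
  }
  return out;
}

// Backend check: the body a hypothetical GET /api/session handler would return.
// The session id never leaves the server side of this function.
function sessionStatus(cookieHeader, store = sessions, now = Date.now()) {
  const sid = parseCookies(cookieHeader)[SESSION_COOKIE];
  const session = sid ? store.get(sid) : undefined;
  if (!session || session.expires <= now) {
    if (session) store.delete(sid); // drop expired sessions from the store
    return { authenticated: false };
  }
  return { authenticated: true, user: session.user };
}

// Frontend: never reads the HttpOnly cookie; the browser attaches it to the
// request, and the page only sees the backend's verdict.
async function isLoggedIn(fetchImpl = fetch) {
  const res = await fetchImpl('/api/session', { credentials: 'include' });
  if (!res.ok) return false;
  return (await res.json()).authenticated === true;
}
```

Treat the frontend result as a UI hint only; every protected backend route still has to run the same session check itself.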