**TL:DR**

    document.cookie = &quot;tagname = test;secure&quot;;

**You have to use HTTPS to set a secure attribute**

The normal (or formal, maybe) name is attribute. Since the flag refers to other things. 






**More Info**

Cookie attributes:
---------------------

&gt;Secure - Cookie will be sent in HTTPS transmission only.
&gt;
&gt;HttpOnly- Don&#39;t allow scripts to access cookie. You can set both of the Secure and HttpOnly.
&gt;
&gt;Domain- specify the hosts to which the cookie will be sent.
&gt;
&gt;Path - create scopes, cookie will be sent only if the path matches.
&gt;
&gt;Expires - indicates the maximum lifetime of the cookie.

More details and practical usages. Check [Testing_for_cookies_attributes_(OTG-SESS-002)][1]

**UPDATES**
**The following contents expire in June 2, 2016.**

&lt;del&gt;Cookie Flags&lt;/del&gt;
--------------

Cookie flags are prefixes. At the moment, they are described in the [RFC draft][2] as a update to the [RFC6265][3]


**These flags are used with the &#39;secure&#39; attribute.**

    __Secure-

 
&gt;The dash is a part of the prefix. This flag tells the browser, the cookie should only be included in &#39;https&#39;.

    __Host-

**A cookie with this flag**

&gt;1. must not have &#39;domain&#39; attribute, it will be only sent to the host which set it. 
&gt;
&gt;2. Must have a &#39;path&#39; attribute, that is set to &#39;/&#39;, because it will be sent to the host in every request from the host.


  [1]: https://www.owasp.org/index.php/Testing_for_cookies_attributes_(OTG-SESS-002)
  [2]: https://datatracker.ietf.org/doc/html/draft-west-cookie-prefixes-05
  [3]: https://www.rfc-editor.org/rfc/rfc6265

This cookie package is easy to use @ https://www.npmjs.com/package/js-cookie


     //to set cookie use
     Cookies.set(&#39;name&#39;, &#39;value&#39;, { expires: 7, path: &#39;&#39; });

     //to read the cookie, use
     Cookies.get(&#39;name&#39;); // =&gt; &#39;value&#39;

     //to delete cookie this
     Cookies.remove(&#39;name&#39;)

      //to set secure cookie this
     Cookies.set(&#39;name&#39;, &#39;value&#39;, { secure: true });

because the flag is called [`secure`][1], not *security*:

    document.cookie = &quot;tagname = test;secure&quot;;


  [1]: https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie

What is the difference between `Calendar.HOUR` and `Calendar.HOUR_OF_DAY` ?
When to use `Calendar.HOUR` and `Calendar.HOUR_OF_DAY` ?
I am confused sometime `Calendar.HOUR` this works fine and othertime `Calendar.HOUR_OF_DAY` this works fine. What they return in the form of int? 
I have read [this][1] documentation but not understood the difference.
Any suggestions
Thanks.


  [1]: http://developer.android.com/reference/java/util/Calendar.html

Difference between Calendar.HOUR and Calendar.HOUR_OF_DAY?

When constructing a dictionary as follows:

    dict = { True: &#39;yes&#39;, 1: &#39;No&#39;}

When I run it in the interactive Python interpreter the dict is represented this way:

    dict = {True: &#39;No&#39;}

I understand that the values `True` and `1` are equal due to the type coercion because when comparing numeric types, the narrowed type is widened to the other type (boolean is a child of integer). So as I understood from the documentation, when we enter `True == 1` Python converts `True` to `1` and compares them.

What I don&#39;t understand is why the `True` is selected as a key instead of `1`.

I am missing something?


Choice made by Python 3.5 to choose the keys when comparing them in a dictionary

I have tried to set a cookie using `document.cookie = &quot;tagname = test; secure&quot;` but this does not set the secure flag. Am I setting it wrong? Can you only set it from a server response? I am also wondering that, because I have had a difficult time finding an example of its use, that it probably is not commonly used?

Thanks a bunch!

How to set cookie secure flag using javascript

<p>I have tried to set a cookie using <code>document.cookie = "tagname = test; secure"</code> but this does not set the secure flag. Am I setting it wrong? Can you only set it from a server response? I am also wondering that, because I have had a difficult time finding an example of its use, that it probably is not commonly used?</p>
<p>Thanks a bunch!</p>


I wanted to try using [template literals][1] and it’s not working: it’s displaying the literal variable names, instead of the values. I am using Chrome v50.0.2 (and jQuery).

## Example

```js
console.log(&#39;categoryName: ${this.categoryName}\ncategoryElements: ${this.categoryElements} &#39;);
```

## Output

```none
${this.categoryName}
categoryElements: ${this.categoryElements}
```


  [1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literals

ECMAScript template literals like &#39;some ${string}&#39; are not working

I am using atom, and I&#39;ve tried several different jshint packages and they all give a warning which says 

    &quot;template literal syntax&#39; is only available in ES6 (use &#39;esversion: 6&#39;)&quot;

I created a top level .jshintrc file (at root), and added the following json:

    {
      &quot;esversion&quot;:6
    }

However, it is still throwing the same error. Any ideas how to resolve. I&#39;ve included the link to the [JSHint options][1] page. I&#39;d like to start playing around with ES6 syntax, but would prefer not to have extra warnings.

Thanks SO community!


  [1]: http://jshint.com/docs/options/

ES6 in JShint - .jshintrc has esversion, but still getting warning (using atom)

Is it possible to get all elements with class `a` *or* `b` using `getElementsByClassName()` only once? I&#39;d prefer vanilla JavaScript.

getElementsByClassName() with two classes

I have worked with chart.js 1.0 and had my doughnut chart tooltips displaying percentages based on data divided by dataset, but I&#39;m unable to replicate this with chart 2.0.

I have searched high and low and have not found a working solution. I know that it will go under options but everything I&#39;ve tried has made the pie dysfunctional at best.

    &lt;html&gt;
    
    &lt;head&gt;
        &lt;title&gt;Doughnut Chart&lt;/title&gt;
        &lt;script src=&quot;../dist/Chart.bundle.js&quot;&gt;&lt;/script&gt;
        &lt;script src=&quot;http://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js&quot;&gt;&lt;/script&gt;
        &lt;style&gt;
        canvas {
            -moz-user-select: none;
            -webkit-user-select: none;
            -ms-user-select: none;
        }
        &lt;/style&gt;
    &lt;/head&gt;
    
    &lt;body&gt;
        &lt;div id=&quot;canvas-holder&quot; style=&quot;width:75%&quot;&gt;
            &lt;canvas id=&quot;chart-area&quot; /&gt;
        &lt;/div&gt;
        &lt;script&gt;
        var randomScalingFactor = function() {
            return Math.round(Math.random() * 100);
        };
        var randomColorFactor = function() {
            return Math.round(Math.random() * 255);
        };
        var randomColor = function(opacity) {
            return &#39;rgba(&#39; + randomColorFactor() + &#39;,&#39; + randomColorFactor() + &#39;,&#39; + randomColorFactor() + &#39;,&#39; + (opacity || &#39;.3&#39;) + &#39;)&#39;;
        };
    
        var config = {
            type: &#39;doughnut&#39;,
            data: {
                datasets: [{
                    data: [
                        486.5,
    					501.5,
    					139.3,
    					162,
    					263.7,
                    ],
                    backgroundColor: [
                        &quot;#F7464A&quot;,
                        &quot;#46BFBD&quot;,
                        &quot;#FDB45C&quot;,
                        &quot;#949FB1&quot;,
                        &quot;#4D5360&quot;,
                    ],
                    label: &#39;Expenditures&#39;
                }],
                labels: [
                    &quot;Hospitals: $486.5 billion&quot;,
                    &quot;Physicians &amp; Professional Services: $501.5 billion&quot;,
                    &quot;Long Term Care: $139.3 billion&quot;,
                    &quot;Prescription Drugs: $162 billion&quot;,
                    &quot;Other Expenditures: $263.7 billion&quot;
                ]
            },
            options: {
                responsive: true,
                legend: {
                    position: &#39;bottom&#39;,
                },
                title: {
                    display: false,
                    text: &#39;Chart.js Doughnut Chart&#39;
                },
                animation: {
                    animateScale: true,
                    animateRotate: true
                }
    
            }
        };
    
        window.onload = function() {
            var ctx = document.getElementById(&quot;chart-area&quot;).getContext(&quot;2d&quot;);
            window.myDoughnut = new Chart(ctx, config);{
    			
    		}
        };
    
       
        &lt;/script&gt;
    &lt;/body&gt;
    
    &lt;/html&gt;



Chart.js 2.0 doughnut tooltip percentages

I&#39;m running on a MacBook Air.  I installed VS Code as an IDE and also have TypeScript installed.

I have a simple file with just this line:

    import fs = require(&#39;fs&#39;);

I&#39;m getting a red squiggly under the &#39;fs&#39; inside the parenthesis and the error message is `[ts] Cannot find module &#39;fs&#39;.` The file has a .ts extension. I&#39;m new to JavaScript and to TypeScript, but I was under the impression that `fs` was a core module, so how could it not be found?  How do I fix the problem?

Other things that I tried already:

 - Putting a simple function body in the file and then compiling on the command line with `tsc`.  I get an essentially equivalent error there: `error TS2307: Cannot find module &#39;fs&#39;.`  
 - On the command line `sudo npm install fs -g`.  This reports apparent success, but doesn&#39;t fix the problem.

I poked around SE and the web, but the answers that seemed close all appear to assume that &#39;fs&#39; is available.

How to find module &quot;fs&quot; in VS Code with TypeScript?

We have some build systems in production which no one cares about and these machines run ancient versions of GCC like GCC 3 or GCC 2.

And I can&#39;t persuade the management to upgrade it to a more recent: they say, &quot;if ain&#39;t broke, don&#39;t fix it&quot;. 

Since we maintain a very old code base (written in the 80s), this C89 code compiles just fine on these compilers. 

But I&#39;m not sure it is good idea to use these old stuff.

My question is:

Can using an old C compiler compromise the security of the compiled program?  

UPDATE:

The same code is built by Visual Studio 2008 for Windows targets, and MSVC doesn&#39;t support C99 or C11 yet (I don&#39;t know if newer MSVC does), and I can build it on my Linux box using the latest GCC. So if we would just drop in a newer GCC it would probably build just as fine as before.

Is using an outdated C compiler a security risk?

How to simply store a String in Keychain and load when needed.
There are several SO solution which mostly refers to Git repo. But I need the smallest and the simplest solution on latest Swift. Certainly, I don&#39;t want to add git framework for simply storing a password in my project.

There are similar solution https://stackoverflow.com/questions/30719638 , which did not work for me. Tired with compiler errors.

Save and Load from KeyChain | Swift

I don&#39;t know if this going to happen, but I will try it.

For past hour I did research on image upload safety. I learned that there a lot of functions to test the upload.

In my project, I need to be safe with images uploaded. There also may be a really big amount of it and it may require a lot of bandwidth, so buying an API is not an option.

So I decided to get a full PHP script for REALLY secure image upload. I also think it will help for many of people out there, because it&#39;s impossible to find really secure one. But I am not expert in php, so it&#39;s really headache for me to add some functions, so I will ask for this community help to create one full script of REALLY secure image upload.

Really great topics about that are here (however, they are just telling what is needed to do the trick, but not how to do this, and as I said I am not a master on PHP, so I am not able to do this all by myself):
https://stackoverflow.com/questions/4166762/php-image-upload-security-check-list
https://security.stackexchange.com/questions/32852/risks-of-a-php-image-upload-form

In summary, they are telling that this is what is needed for security image upload (I will quote from the above pages):

&gt;  - Disable PHP from running inside the upload folder using .httaccess.
&gt;  - Do not allow upload if the file name contains string &quot;php&quot;.
&gt;  - Allow only extensions: jpg,jpeg,gif and png.
&gt;  - Allow only image file type.
&gt;  - Disallow image with two file type.
&gt;  - Change the image name. Upload to a sub-directory not root directory.

&gt; Also:
&gt; 
&gt;  - Re-process the image using GD (or Imagick) and save the processed    image. All others are just fun boring for hackers&quot;
&gt;  - As rr pointed out, use move_uploaded_file() for any upload&quot;
&gt;  - By the way, you&#39;d want to be very restrictive about your upload       folder. Those places are one of the dark corners where many exploits  
&gt; happen. This is valid for any type of upload and any programming      
&gt; language/server. Check      
&gt; https://www.owasp.org/index.php/Unrestricted_File_Upload
&gt;  - Level 1: Check the extension (extension file ends with)
&gt;  - Level 2: Check the MIME type ($file_info =    getimagesize($_FILES[&#39;image_file&#39;]; $file_mime = $file_info[&#39;mime&#39;];)
&gt;  - Level 3: Read first 100 bytes and check if they have any bytes in the    following range: ASCII 0-8, 12-31 (decimal).
&gt;  - Level 4: Check for magic numbers in the header (first 10-20 bytes of    the file). You can find some of the files header bytes from
&gt; here:   
&gt; http://en.wikipedia.org/wiki/Magic_number_%28programming%29#Examples
&gt;  - You might want to run &quot;is_uploaded_file&quot; on the    $_FILES[&#39;my_files&#39;][&#39;tmp_name&#39;] as well. See   
&gt; http://php.net/manual/en/function.is-uploaded-file.php

Here&#39;s a big part of it, but still that&#39;s not all. (If you know something more which could help to make the upload even safier, please share.)

**THIS IS WHAT WE GOT NOW**

 - Main PHP:

        function uploadFile ($file_field = null, $check_image = false, $random_name = false) {
           
        //Config Section    
        //Set file upload path
        $path = &#39;uploads/&#39;; //with trailing slash
        //Set max file size in bytes
        $max_size = 1000000;
        //Set default file extension whitelist
        $whitelist_ext = array(&#39;jpeg&#39;,&#39;jpg&#39;,&#39;png&#39;,&#39;gif&#39;);
        //Set default file type whitelist
        $whitelist_type = array(&#39;image/jpeg&#39;, &#39;image/jpg&#39;, &#39;image/png&#39;,&#39;image/gif&#39;);
     
        //The Validation
        // Create an array to hold any output
        $out = array(&#39;error&#39;=&gt;null);
                    
        if (!$file_field) {
          $out[&#39;error&#39;][] = &quot;Please specify a valid form field name&quot;;           
        }
     
        if (!$path) {
          $out[&#39;error&#39;][] = &quot;Please specify a valid upload path&quot;;               
        }
            
        if (count($out[&#39;error&#39;])&gt;0) {
          return $out;
        }
     
        //Make sure that there is a file
        if((!empty($_FILES[$file_field])) &amp;&amp; ($_FILES[$file_field][&#39;error&#39;] == 0)) {
             
        // Get filename
        $file_info = pathinfo($_FILES[$file_field][&#39;name&#39;]);
        $name = $file_info[&#39;filename&#39;];
        $ext = $file_info[&#39;extension&#39;];
                   
        //Check file has the right extension           
        if (!in_array($ext, $whitelist_ext)) {
          $out[&#39;error&#39;][] = &quot;Invalid file Extension&quot;;
        }
                   
        //Check that the file is of the right type
        if (!in_array($_FILES[$file_field][&quot;type&quot;], $whitelist_type)) {
          $out[&#39;error&#39;][] = &quot;Invalid file Type&quot;;
        }
                   
        //Check that the file is not too big
        if ($_FILES[$file_field][&quot;size&quot;] &gt; $max_size) {
          $out[&#39;error&#39;][] = &quot;File is too big&quot;;
        }
                   
        //If $check image is set as true
        if ($check_image) {
          if (!getimagesize($_FILES[$file_field][&#39;tmp_name&#39;])) {
            $out[&#39;error&#39;][] = &quot;Uploaded file is not a valid image&quot;;
          }
        }
    
        //Create full filename including path
        if ($random_name) {
          // Generate random filename
          $tmp = str_replace(array(&#39;.&#39;,&#39; &#39;), array(&#39;&#39;,&#39;&#39;), microtime());
                           
          if (!$tmp || $tmp == &#39;&#39;) {
            $out[&#39;error&#39;][] = &quot;File must have a name&quot;;
          }     
          $newname = $tmp.&#39;.&#39;.$ext;                                
        } else {
            $newname = $name.&#39;.&#39;.$ext;
        }
                   
        //Check if file already exists on server
        if (file_exists($path.$newname)) {
          $out[&#39;error&#39;][] = &quot;A file with this name already exists&quot;;
        }
    
        if (count($out[&#39;error&#39;])&gt;0) {
          //The file has not correctly validated
          return $out;
        } 
    
        if (move_uploaded_file($_FILES[$file_field][&#39;tmp_name&#39;], $path.$newname)) {
          //Success
          $out[&#39;filepath&#39;] = $path;
          $out[&#39;filename&#39;] = $newname;
          return $out;
        } else {
          $out[&#39;error&#39;][] = &quot;Server Error!&quot;;
        }
             
         } else {
          $out[&#39;error&#39;][] = &quot;No file uploaded&quot;;
          return $out;
         }      
        }
    
    
        if (isset($_POST[&#39;submit&#39;])) {
         $file = uploadFile(&#39;file&#39;, true, true);
         if (is_array($file[&#39;error&#39;])) {
          $message = &#39;&#39;;
          foreach ($file[&#39;error&#39;] as $msg) {
          $message .= &#39;&lt;p&gt;&#39;.$msg.&#39;&lt;/p&gt;&#39;;    
         }
        } else {
         $message = &quot;File uploaded successfully&quot;.$newname;
        }
         echo $message;
        }

 - And the form:

        &lt;form action=&quot;&lt;?php echo $_SERVER[&#39;PHP_SELF&#39;]; ?&gt;&quot; method=&quot;post&quot; enctype=&quot;multipart/form-data&quot; name=&quot;form1&quot; id=&quot;form1&quot;&gt;
        &lt;input name=&quot;file&quot; type=&quot;file&quot; id=&quot;imagee&quot; /&gt;
        &lt;input name=&quot;submit&quot; type=&quot;submit&quot; value=&quot;Upload&quot; /&gt;
        &lt;/form&gt;


So, what I am asking is to help by posting snippets of codes which will help me (and everyone else) to make this Image Upload Script to make super secure.
Or by sharing/creating a full script with all the snippets added.

Full Secure Image Upload Script

Occasionally when troubleshooting bugs in production, it would be convenient to be able to hit our production REST server from my local dev environment. But i&#39;m concerned that adding localhost to allowed origins would be a security risk. Searches have yielded conflicting information. Are my concerns valid? Why or why not?

CORS - localhost as allowed origin in production

I am running my application in a Docker container as a non-root user. I did this since it is one of the best practices. However, while running the container I mount a host volume to it `-v /some/folder:/some/folder` . I am doing this because my application running inside the docker container needs to write files to the mounted host folder. But since I am running my application as a non-root user, it doesn&#39;t have permission to write to that folder

**Question**

Is it possible to give a nonroot user in a docker container access to the hosted volume?

If not, is my only option to run the process in docker container as root?

How to give non-root user in Docker container access to a volume mounted on the host

I read some posts about **&quot;JWT vs Cookie&quot;** but they only made me more confused...

1. I want some **clarification**, when people talking about &quot;token-based authentication vs cookies&quot;, **cookies** here merely refer to ***session cookies***? My understanding is that **cookie is like a medium**, it can be used to implement a token-based authentication(store something that can identify logged-in user on the **client side**) or a session-based authentication(store a constant on the client side that matches session information on the **server side**)

2. Why do we need **JSON web token**? I was using the standard cookie to implement token-based authentication(**not using session id, not use server memory or file storage**): `Set-Cookie: user=innocent; preferred-color=azure`, and the only difference that I observed is that JWT contains both **payload and signature**...whereas you can choose between **signed or plaintext** cookie for http header. In my opinion signed cookie (`cookie:&#39;time=s%3A1464743488946.WvSJxbCspOG3aiGi4zCMMR9yBdvS%2B6Ob2f3OG6%2FYCJM&#39;`) is more space efficient, the only drawback is that client cannot read the token, only the server can...but I think it&#39;s fine because just like *claim* in JWT is optional, it&#39;s not necessary for token to be meaningful



JWT vs cookies for token-based authentication

I recently read &quot;RFC 6265&quot; on the attribute &quot;Same Site&quot;, I looked at some articles that talked about that in April 2016, &quot;same-site&quot; attribute has been implemented for Chrome 51 and Opera 39 ...

I wonder if current PHP supports creating cookies with this attribute?


Reference: 

 * [Feature documentation on Chrome’s `chromestatus.com`](https://www.chromestatus.com/feature/4672634709082112)
 * [HTTPbis draft first adopted by Chrome](https://datatracker.ietf.org/doc/html/draft-west-first-party-cookies-07)
 * [Latest HTTPbis draft](https://datatracker.ietf.org/doc/draft-ietf-httpbis-rfc6265bis/?include_text=1)

PHP setcookie &quot;SameSite=Strict&quot;?

I am using a `WKWebView` in my native iPhone application, on a website that allows login/registration, and stores the session information in cookies.   I am trying to figure out how to persistently store the cookie information, so when the app restarts, the user still has their web session available.

I have 2 `WKWebViews` in the app, and they share a `WKProcessPool`.  I start with a shared process pool:

`WKProcessPool *processPool = [[WKProcessPool alloc] init];`

Then for each WKWebView:

    WKWebViewConfiguration *theConfiguration = [[WKWebViewConfiguration alloc] init]; 
    theConfiguration.processPool = processPool; 
    self.webView = [[WKWebView alloc] initWithFrame:frame configuration:theConfiguration];

When I log in using the first `WKWebView`, and then some time later pass the action to the 2nd `WKWebView`, the session is retained, so the cookies were successfully shared.  However, when I relaunch the app, a new process pool is created and the session information is destroyed.  Is there any way to get the session information to persist through an app restart?

WKWebView Persistent Storage of Cookies

I have created an app that simply uses a JWT sent by the server upon correct login credentials, and authorizes against any `/api` route on my backend Express.js server. 

AngularJS, on the other hand, took this token, stored it in session storage, and used an auth interceptor every go around to send the token back to the server.

I&#39;ve more recently come to understand how dangerous this practice is.

I understand the transfer method of tokens back and forth, in this scenario. However, would someone be so kind as to explain, at a high level, the method that takes place when you want to store that JWT inside a secure, HTTP only cookie that the client side Javascript cannot read?

For example: upon credential success

 1. cookie is created on server,
 2. create a JWT at the same time as the cookie
 3. store the JWT in a cookie property called token etc..

I&#39;m trying to gain a mental model here of how it works. If my understanding is correct, doing it this way wouldn&#39;t require an auth interceptor anymore because upon correct credential login, the server would do all of the transferring of the token inside the cookie.

How to store a JWT token inside an HTTP only cookie?

Orginally, I use the following ajax to set cookie. 

    function setCookieAjax(){
      $.ajax({
        url: `${Web_Servlet}/setCookie`,
        contentType: &#39;application/x-www-form-urlencoded;charset=utf-8&#39;,
        headers: { &#39;Access-Control-Allow-Origin&#39;: &#39;*&#39;,
                   &#39;username&#39;: getCookie(&quot;username&quot;),
                  &#39;session&#39;: getCookie(&quot;session&quot;)
        },
        type: &#39;GET&#39;,
        success: function(response){
          setCookie(&quot;username&quot;, response.name, 30);
          setCookie(&quot;session&quot;, response.session, 30);}
      })
    }

    function setCookie(cname, cvalue, minutes) {
        var d = new Date();
        d.setTime(d.getTime() + (minutes*60*1000));
        var expires = &quot;expires=&quot;+ d.toUTCString();
        document.cookie = cname + &quot;=&quot; + cvalue + &quot;; &quot; + expires;
    }

    export const getUserName = (component) =&gt; {
        setCookieAjax()
     $.ajax({
    	url: `${Web_Servlet}/displayHeaderUserName`,
    	contentType: &#39;application/x-www-form-urlencoded;charset=utf-8&#39;,
        headers: { &#39;Access-Control-Allow-Origin&#39;: &#39;*&#39;,
    				&#39;username&#39;: getCookie(&quot;username&quot;),
    				&#39;session&#39;: getCookie(&quot;session&quot;)
    			},
        type: &#39;GET&#39;,
        success: function(response){
            component.setState({
            usernameDisplay: response.message
    		})
       }.bind(component)
     })
    }

Now, I want to set the cookie using the servlet&#39;s adding cookie function. But I don&#39;t know how to achieve my purpose.

    Cookie loginCookie = new Cookie(&quot;user&quot;,user);  //setting cookie to expiry in 30 mins
    		loginCookie.setMaxAge(30*60);
    		loginCookie.setDomain(&quot;localhost:4480&quot;);
    		loginCookie.setPath(&quot;/&quot;);
    
    response.addCookie(loginCookie);

In order to extend the cookie timelimit, what should I write in the react side to receive the cookie&#39;s session time?

   


How can I set a cookie in react?

I&#39;m using [fetch API][1] within my React app. The application was deployed on a server and was working perfectly. I tested it multiple times. But, suddenly the application stopped working and I&#39;ve no clue why. The issue is when I send a `get` request, I&#39;m receiving a valid response from the server but also the fetch API is catching an exception and showing `TypeError: Failed to fetch`. I didn&#39;t even make any changes to the code and it&#39;s the issue with all of the React components.


I&#39;m getting a valid response:

[![enter image description here][2]][2]

But also getting this error at the same time:

[![enter image description here][3]][3]

    fetch(url)
    .then(res =&gt; res.json())
    .then(data =&gt; {
      // do something with data
    })
    .catch(rejected =&gt; {
        console.log(rejected);
    });

When I remove credentials: &quot;include&quot;, it works on localhost, but not on the server.

I tried every solution given on StackOverflow and GitHub, but it&#39;s just not working out for me.

  [1]: https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
  [2]: https://i.stack.imgur.com/bIITr.png
  [3]: https://i.stack.imgur.com/8NUNH.png

Getting &quot;TypeError: Failed to fetch&quot; when the request hasn&#39;t actually failed

How do you correctly add query parameters to a Dart http get request? I been unable to get my request to respond correctly when trying to  append the &#39;?param1=one&amp;param2=two&#39; to my url, yet it works correctly in Postman. Here&#39;s the gist of  my code:

        final String url = &quot;https://www.myurl.com/api/v1/test/&quot;;
        String workingStringInPostman = &quot;https://www.myurl.com/api/v1/test/123/?param1=one&amp;param2=two&quot;;

        Map&lt;String, String&gt; qParams = {
         &#39;param1&#39;: &#39;one&#39;,
         &#39;param2&#39;: &#39;two&#39;,
        };


       var res = await http
          .get(Uri.encodeFull(&quot;$url${widget.pk}/&quot;),
          headers: {HttpHeaders.authorizationHeader: &quot;Token $token&quot;, 
            HttpHeaders.contentTypeHeader: &quot;application/json&quot;},
    );

The ${widget.pk} is simply a integer value being pass (See the value 123 in the workingStringInPostman variable.

The qParams is there for connivence, in case a Uri parameter is needed.

A code example would be welcomed.


Content Type	Original Author	Original Content on Stackoverflow
Question	BobtheMagicMoose	View Question on Stackoverflow
Solution 1 - Javascript	sfy	View Answer on Stackoverflow
Solution 2 - Javascript	ChukwuEmeka	View Answer on Stackoverflow
Solution 3 - Javascript	Tudor Constantin	View Answer on Stackoverflow

How to set cookie secure flag using javascript

Javascript Problem Overview

Javascript Solutions

Solution 1 - Javascript

Solution 2 - Javascript

Solution 3 - Javascript

Choice made by Python 3.5 to choose the keys when comparing them in a dictionary

Difference between Calendar.HOUR and Calendar.HOUR_OF_DAY?

Attributions