hagopj13 / node-express-boilerplate

A boilerplate for building production-ready RESTful APIs using Node.js, Express, and Mongoose
MIT License
6.99k stars 2.05k forks

send tokens in httpOnly secure Cookies #220

Closed Hermes-fire closed 2 years ago

Hermes-fire commented 2 years ago

Sending the access token in the JSON response isn't secure; it's better to send it in a cookie. I've already implemented it, and if it's OK I would like to push changes.
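
An added illustration of the approach proposed in this issue (not the commenter's implementation and not code from the repository): the login response puts the tokens in `HttpOnly; Secure` cookies instead of the JSON body, and the server reads them back from the `Cookie` header. The cookie names, the `/auth` path, `SameSite=Strict` and all function names are assumptions made for the example.

```javascript
// Added example: hypothetical helpers, not code from the repository or the issue author.
// Cookie names and paths are assumptions made for illustration.
const TOKEN_COOKIES = {
  access: { name: 'accessToken', path: '/' },
  // Scope the long-lived refresh token to the (assumed) auth routes only.
  refresh: { name: 'refreshToken', path: '/auth' },
};

// Build one Set-Cookie header value for a token.
function serializeTokenCookie(kind, token, maxAgeSeconds) {
  const { name, path } = TOKEN_COOKIES[kind];
  // JWTs are base64url segments joined by dots; reject anything else so a
  // crafted value cannot inject extra cookie attributes.
  if (!/^[A-Za-z0-9._-]+$/.test(token)) {
    throw new Error('token contains characters not allowed in a cookie value');
  }
  return [
    `${name}=${token}`,
    `Max-Age=${Math.floor(maxAgeSeconds)}`,
    `Path=${path}`,
    'HttpOnly', // not readable from document.cookie, so injected script cannot copy it
    'Secure', // only sent over HTTPS
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
}

// Login response: tokens travel in Set-Cookie headers, the JSON body carries only the user.
function buildLoginResponse(user, tokens) {
  return {
    setCookie: [
      serializeTokenCookie('access', tokens.access.token, tokens.access.maxAge),
      serializeTokenCookie('refresh', tokens.refresh.token, tokens.refresh.maxAge),
    ],
    body: { user },
  };
}

// Server side of the next request: pull the token back out of the Cookie header.
function readTokenCookie(kind, cookieHeader) {
  const { name } = TOKEN_COOKIES[kind];
  for (const part of (cookieHeader || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq !== -1 && part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}
```

Because the browser attaches cookies automatically, state-changing routes still need CSRF protection; `SameSite` covers only part of that.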