set option httpOnly dosen't work

koajs / session

Simple session middleware for koa

MIT License

902 stars 113 forks source link

set option httpOnly dosen't work #54

Closed zhangmengxue closed 8 years ago

zhangmengxue commented 8 years ago

I was using koa-session. While I set httpOnly prop like this:

var nickName = encodeURIComponent(userData.data.nick),
        empId = encodeURIComponent(userData.data.empid);
    var cookiesOpt = {
        maxAge : 1296000000,
        path : '/',
        httpOnly: false
    };
    this.cookies.set('nick', nickName, cookiesOpt);
    this.cookies.set('empId', empId, cookiesOpt);

I want to get all cookies through document.cookie. but the cookies still have http flag. Did I miss something?

zhangmengxue commented 8 years ago

Actually,I need to clear the old cookies. And I think it ' s not appropriate. Whatever, I don't have problems now.

tomoat commented 7 years ago

I already clear the old cookies, But it still doesn't work

app.use(session({key: 'koa:sess', signed: true, overwrite: true, httpOnly: false}, app))