access token in cookies

Question

Hi so I just wanted to know how security is provided in the supertokens via the cookies since accesstoken is accessible via cookies it can be used to forge the identity right Will the accesstoken be always readable on the frontend cookies

rp · Answer

hey < vigneshkumar> we add the access token as httpOnly cookies which is not readable from the frontend

rp · Answer

st bot test case

rp · Answer

its cookie based by default for web sites

vigneshkumar · Answer

So httpOnly is set by the supertokens core right Why do I see tokens in the cookie details after I login Am I doing something wrong

rp · Answer

it is set by supertokens You can see httpOnly cookies in the network tab but the JS can t read it