Hi, so I just wanted to know how security is provided in supertokens via cookies. Since the access token is accessible via cookies, it can be used to forge the identity, right? Will the access token always be readable in the frontend cookies?
rp
04/12/2023, 9:06 AM
Hey @vigneshkumar, we add the access token as an httpOnly cookie, which is not readable from the frontend.
It's cookie-based by default for websites.
vigneshkumar
04/12/2023, 12:31 PM
So, httpOnly is set by the supertokens core, right? Why do I see tokens in the cookie details after I log in? Am I doing something wrong?
rp
04/12/2023, 12:56 PM
It is set by supertokens. You can see httpOnly cookies in the network tab, but JS can't read them.