Cookies identified as client-side cookies are set locally on the client device by JavaScript is not safe

Alex Ren (Medalsoft) 41 Reputation points
2023-02-06T11:00:09.38+00:00

Link: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-web-browser-cookies

This failure to set the Cookie to HttpOnly=true is incorrect in terms of our company's IT policy. Is there any way I can set these authentication-related cookies to HttpOnly on the front end?


Microsoft Security | Microsoft Entra | Microsoft Entra ID

Accepted answer
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-02-06T15:33:52.6566667+00:00

    Hello, setting all cookies as HttpOnly=true will not allow JavaScript to access them. This is required by Azure AD UI and cannot be changed. Security, however, is implemented through different techniques/features. Azure AD UI scripts are safe to use.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    1 person found this answer helpful.
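
The browser rules behind this exchange, as an added example that is not part of the original thread and is not Microsoft's code: a small model of the RFC 6265 storage steps showing that a script cannot create or overwrite an HttpOnly cookie, and cannot read one through `document.cookie`. The cookie names and values are constructed, and the jar is simplified to key on the cookie name only (real browsers also key on domain and path).

```javascript
// Minimal model of the RFC 6265 storage rules that involve HttpOnly.
// Cookie names and values below are constructed sample data.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // no name: not a usable cookie
  const flags = new Set(attrs.map((a) => a.split('=')[0].toLowerCase()));
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.has('httponly'),
    secure: flags.has('secure'),
  };
}

// source is 'http' for a Set-Cookie response header, 'script' for document.cookie.
function store(jar, line, source) {
  const cookie = parseSetCookie(line);
  if (!cookie) return false;
  // RFC 6265 section 5.3, step 10: a non-HTTP API cannot create an HttpOnly cookie.
  if (source === 'script' && cookie.httpOnly) return false;
  // RFC 6265 section 5.3, step 11.2: a non-HTTP API cannot overwrite an HttpOnly cookie.
  const existing = jar.get(cookie.name);
  if (existing && existing.httpOnly && source === 'script') return false;
  jar.set(cookie.name, cookie);
  return true;
}

// What a script sees when it reads document.cookie: HttpOnly cookies are omitted.
function documentCookie(jar) {
  return [...jar.values()]
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

function demo() {
  const jar = new Map();
  const results = {
    serverSession: store(jar, 'session_id=abc123; Secure; HttpOnly', 'http'),
    scriptHttpOnly: store(jar, 'ui_state=collapsed; HttpOnly', 'script'),
    scriptPlain: store(jar, 'ui_state=collapsed; Secure', 'script'),
    scriptOverwrite: store(jar, 'session_id=changed', 'script'),
  };
  return { results, visible: documentCookie(jar), names: [...jar.keys()] };
}
console.log(demo());
```

Only a `Set-Cookie` response header can carry HttpOnly, so a cookie that front-end script writes is always readable by script.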
