security - How to set "secure" flag for localStorage using ngStorage & Angularjs -


i have angularjs 1.6 application.

i'm using jwt (json web token) authentication. means on login, send credential server, server replies jwt token front end send in other request prove user identified.

the server check token valid before sending data.

during security audit, external company did penetration testing in our website , came saying:

the “authsession” cookie not flagged secure

i'm trying understand have make "secure".

i'm storing token in localstorage using ngstorage, line of code have store token is:

$localstorage['token'] = itoken; 

i don't think understand correctly "cookie not flagged secure" means.

looking @ various websites, seems (with cookies, i'm not sure if that's same localstorage) mark cookie secure, need add ";secure" @ end of value want store.

so question is: how make storing token "secure" ngstorage? have append ";secure" @ end of token , strip when retrieve token ?


Comments

Popular posts from this blog

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

python Tkinter Capturing keyboard events save as one single string -

sql server - Why does Linq-to-SQL add unnecessary COUNT()? -