Vignette or clearer example: Setting HttpOnly Cookies #74

Open
jonthegeek opened this issue Nov 9, 2023 · 4 comments

Comments

@jonthegeek
Contributor

  1. Make sure this makes sense as-implemented.
  2. Give at least a better example, and likely a vignette.
@avais88786

avais88786 commented Nov 9, 2023

Fairly new to R and trying to set cookie as http in RShiny App, looking for a simple example that I can re-implement.

Use case wise -> User logs in with their username/password on azure b2c login page, the redirect comes to rshiny app, in the server side, we call get_azure_token to get access token, need to save this token as http cookie in the user session

@jonthegeek
Contributor Author

@avais88786 Does it need to be http-only? I recommend trying the "normal" javascript versions first; that's what most tutorials on using cookies will help you implement. It's more secure to use http-only, but it isn't a base-level requirement.

I want to make sure I'm helping with the right thing; perhaps I just need to make it clearer what HttpOnly is for?

@avais88786

@jonthegeek if it's easier to put a sample then only.

Normal js cookies work perfect and got the app running 100% with them, just covering my base from corporate security reqs if they raise for it to be httponly - in case.

Btw thanks for the library, works great :)

@jonthegeek
Contributor Author

Ok, great! I'm glad you were able to implement the JS workflow!

I'll probably write the HttpOnly vignette (if that's the route I take) with exactly this sort of case in mind: You already have it working, but now you want to punch up the security a bit.

I need to experiment a little to see if I can make things a little easier. Right now, the HttpOnly case uses some fairly advanced Shiny techniques (where you change the UI depending on whether or not they have the cookie, basically). You can see a demo in {[shinyslack](https://github.com/r4ds/shinyslack)}, but I haven't updated that code in quite a while and I'm guessing it isn't very easy to follow!
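Added example, not part of the thread and not the {cookies} package's own code: a sketch of the pattern described in the last comment, where the UI function answers with a raw HTTP response that sets an HttpOnly cookie when the request has none. The helpers `cookie_header()` and `read_cookie()`, the cookie name `session_id`, and the use of the {openssl} package for random bytes are assumptions made for this illustration.

```r
library(shiny)

# Hypothetical helpers written for this example; not the {cookies} API.
# Build a Set-Cookie value. HttpOnly hides the cookie from document.cookie,
# Secure limits it to HTTPS, SameSite=Lax drops it on cross-site subrequests.
cookie_header <- function(name, value, max_age = 3600) {
  paste0(name, "=", utils::URLencode(value, reserved = TRUE),
         "; Max-Age=", max_age, "; Path=/; Secure; HttpOnly; SameSite=Lax")
}

# Read one cookie from the Cookie request header, splitting each pair on the
# first "=" only so values that themselves contain "=" survive.
read_cookie <- function(request, name) {
  header <- request$HTTP_COOKIE
  if (is.null(header) || !nzchar(header)) return(NULL)
  for (pair in strsplit(header, ";\\s*")[[1]]) {
    eq <- regexpr("=", pair, fixed = TRUE)
    if (eq > 0 && identical(substr(pair, 1, eq - 1), name)) {
      return(utils::URLdecode(substr(pair, eq + 1, nchar(pair))))
    }
  }
  NULL
}

# The UI is a function of the request: without the cookie, reply with a raw
# HTTP response that sets it; with the cookie, render the real page.
ui <- function(request) {
  if (is.null(read_cookie(request, "session_id"))) {
    # Constructed value: a random opaque id standing in for whatever the
    # server wants to remember (for example, a key to a server-side token).
    id <- paste(as.character(openssl::rand_bytes(16)), collapse = "")
    return(httpResponse(
      status = 200L,
      content = "<p>Session cookie set. <a href='.'>Continue</a></p>",
      headers = list("Set-Cookie" = cookie_header("session_id", id))
    ))
  }
  fluidPage(textOutput("status"))
}

server <- function(input, output, session) {
  # The browser sends the cookie with the websocket request, so R can read
  # it here even though page JavaScript cannot.
  id <- read_cookie(session$request, "session_id")
  output$status <- renderText(
    if (is.null(id)) "No cookie" else "Cookie received on the server"
  )
}

shinyApp(ui, server)
```

Serve the app over HTTPS: a browser that refuses the `Secure` cookie on a plain-HTTP origin will keep getting the "Continue" response instead of the real page.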
