Front and rear separation set-cookie failure

as shown in the title:
because the front and rear ends are separated from each other, jwt is used as a token to save user information.
token is easy to be attacked by XSS when placed in localstorage, so I thought of using httpOnly"s cookie to save token information.
but the front and back end is cross-domain, and the back-end set-cookie has no effect. It"s stuck here right now. I hope the boss can help solve it

.
Jul.26,2021

you can use session, to store session in redis to share


one. The separation of front and back ends should not be cross-domain. If cross-domain, api requests will also cause problems. Therefore, the backend should first set the allowed domain name.
2, in fact, it is as easy to be attacked by XSS in localStorage as it is in cookie, so don't expose too sensitive information. We obtain jwt, in the return process, and then the frontend gets the token, frontend control in the return process and puts it in the cookie or localStorage. Generally, the backend does not control the frontend.


        Cookie cookie = new Cookie("token","XXXXX");
        cookie.setHttpOnly(true);
        //
        cookie.setPath("*.baidu.com");

what does token have to do with xss attacks?

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b225c5-2b613.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b225c5-2b613.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?