After the token of eggjs is changed to session storage, how does the front end get

according to the official website, the configuration is as follows:

clipboard.png

cookie

clipboard.png

but what I get with document.cookie is an empty string

seek the answer of the Great God

Apr.24,2022

1. The cookie of egg is not allowed by httpOnly by default. You can modify this configuration when setting cookie.

2. Csrf does not need to use session, and csrf is placed in cookie by default and can be read.

3. It is recommended to use other fields for identification.

add:

1. The csrf token of egg is recommended to be refreshed after each visit, which is timely and can be found in the document.
2. Do not rely on random strings generated by other plug-ins for identification, because this is uncertain.
3. Each website should have its own authorization authentication system to facilitate data query, storage, analysis, and other corresponding requirements.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1b3a38e-2c1ff.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1b3a38e-2c1ff.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?