How to modify a client created cookie in Go?


(Hei Li) #1

My client (web browser) will create a cookie with JWT information that it got from an authentication service, I want the cookie to be sent to my API resource server where it will be used to authenticate the user. The API resource server has to modify the client cookie to httpOnly to prevent any further javascript tampering.

cookie, err := r.Cookie(“JWT”)
cookie.HttpOnly = true
http.SetCookie(w, cookie)

This doesn’t seem to replace the old “JWT” cookie but produces a new one.

Thank you very much!