Why is it important to set the 'httpOnly' flag on session cookies in a NestJS app using session-based authentication?

Difficulty: hard · Conceptual · Q10 of 15
NestJS - Authentication

A. To make the cookie accessible only over HTTPS
B. To prevent client-side scripts from accessing the cookie and reduce XSS risk
C. To allow JavaScript to read the cookie for UI updates
D. To enable cookie sharing across different domains
Step-by-Step Solution
Solution:
  1. Step 1: Understand the httpOnly cookie flag

    The httpOnly flag tells the browser not to expose the cookie to JavaScript running in the page (for example via document.cookie); the browser still sends it automatically with HTTP requests.
  2. Step 2: Recognize the security benefit

    This reduces the risk of a cross-site scripting (XSS) payload reading the session cookie and exfiltrating it to an attacker.
  3. Final Answer:

    To prevent client-side scripts from accessing the cookie and reduce XSS risk -> Option B
  4. Quick Check:

    httpOnly keeps the cookie out of reach of JavaScript -> Option B [OK]
Quick Trick: Set httpOnly on session cookies to keep them away from JavaScript [OK]
Common Mistakes:
  • Thinking httpOnly allows JS access (it does the opposite)
  • Confusing httpOnly with the Secure flag (Secure restricts the cookie to HTTPS transport; it says nothing about script access)
  • Assuming it enables cross-domain sharing (cookie scope is governed by the Domain and SameSite attributes, not httpOnly)