Cookies are often the nicer option because they support flags that enforce security checks, namely HttpOnly and Secure. With the HttpOnly and Secure flags set, the cookie cannot be read by any JavaScript code and is never sent in plain text over HTTP. Cookies are therefore largely resistant to the XSS attacks described in the local storage section.

Cookies are, however, susceptible to a different kind of attack called cross-site request forgery (XSRF or CSRF). In XSRF, an attacker on a different site replicates an input form from your site and POSTs form data to your site. The attacker does not have access to the cookie, but cookies are sent with every HTTP request to the real domain the cookie is valid for. So the attacker does not need to read the cookie; they only need to get the browser to POST form data to your real site. This is one of the risks with cookies: they are sent with every request, whether static, AJAX, etc.

There are ways around this, but the main point is that your web server must be able to recognise whether a request comes from your real website or application running in a browser, or from somebody else. One way to do this is with a hidden anti-forgery token: generate a random key, store it in a cookie, and require that the same key also be sent with the POSTed form data. Remember, only your real site can access the cookie; the attacker's site cannot, thanks to the same-origin policy. Your server can then verify that the cookie's token matches the token in the request header. There are other options for protection against XSRF as well.
Note: If you are looking for certificate-based API call security, you can read How to implement SSL Pinning in your Flutter App.
In this tutorial I will use the dio library for HTTP calls.
So if we call the /restaurant/all API without a cookie, it will give an error. We therefore have to call the login API first; we get the Cookie from the response header of the login API, and after that we can use that Cookie in the request header of the next API call.
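The following is an added example, not code from this tutorial or from the dio library, and it is written in Python rather than Dart so that the server side can be shown too. It models both passages above: the login endpoint issues a session cookie with the HttpOnly and Secure flags plus a readable anti-forgery token cookie; the client turns the Set-Cookie response headers into the Cookie request header for the next call (the step the tutorial performs with dio); and the protected /restaurant/all endpoint rejects requests without the cookie and rejects state-changing requests whose header token does not match the token cookie. The credentials, cookie names (session, XSRF-TOKEN), header name (X-XSRF-TOKEN) and the in-memory session store are all constructed for the example.

```python
from __future__ import annotations

import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed names for the example; real apps pick their own.
SESSION_COOKIE = "session"
CSRF_COOKIE = "XSRF-TOKEN"
CSRF_HEADER = "X-XSRF-TOKEN"

# Constructed in-memory session store: session id -> user name.
_sessions: dict[str, str] = {}


def login(username: str, password: str) -> tuple[int, list[str]]:
    """Model of the login endpoint. On success it returns 200 and the
    Set-Cookie headers the client must replay on later requests."""
    if (username, password) != ("demo", "demo-pass"):  # constructed credentials
        return 401, []
    session_id = secrets.token_urlsafe(32)
    csrf_token = secrets.token_urlsafe(32)
    _sessions[session_id] = username
    return 200, [
        # HttpOnly keeps the session id away from script; Secure keeps it off plain HTTP.
        f"{SESSION_COOKIE}={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax",
        # The token cookie is deliberately readable: the app's own script copies it
        # into a request header, which a foreign origin cannot do (same-origin policy).
        f"{CSRF_COOKIE}={csrf_token}; Path=/; Secure; SameSite=Lax",
    ]


def cookie_header_from_set_cookie(set_cookie_values: list[str]) -> str:
    """Client side: build the Cookie request header from Set-Cookie response
    headers by keeping only the name=value part of each (what a cookie jar does)."""
    return "; ".join(v.split(";", 1)[0].strip() for v in set_cookie_values)


def read_cookie(cookie_header: str, name: str) -> str | None:
    """Return the value of one cookie from a Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(name)
    return None if morsel is None else morsel.value


def handle(method: str, path: str, headers: dict[str, str]) -> tuple[int, str]:
    """Model of a protected endpoint. Every request needs a valid session cookie;
    state-changing requests also need the token cookie repeated in a header."""
    cookie_header = headers.get("Cookie", "")
    session_id = read_cookie(cookie_header, SESSION_COOKIE)
    if session_id is None or session_id not in _sessions:
        return 401, "login required"
    if method in ("POST", "PUT", "PATCH", "DELETE"):
        token_cookie = read_cookie(cookie_header, CSRF_COOKIE)
        token_header = headers.get(CSRF_HEADER, "")
        # Constant-time comparison on bytes so attacker-supplied text cannot raise.
        if token_cookie is None or not hmac.compare_digest(
            token_cookie.encode(), token_header.encode()
        ):
            return 403, "csrf token missing or mismatched"
    if path == "/restaurant/all":
        return 200, f"restaurants for {_sessions[session_id]}"
    return 404, "not found"


def demo() -> dict[str, int]:
    """Walk the flow the tutorial describes and return the status of each step."""
    results: dict[str, int] = {}
    results["no_cookie"] = handle("GET", "/restaurant/all", {})[0]  # 401
    status, set_cookies = login("demo", "demo-pass")
    results["login"] = status  # 200
    cookie = cookie_header_from_set_cookie(set_cookies)
    results["with_cookie"] = handle("GET", "/restaurant/all", {"Cookie": cookie})[0]  # 200
    # Forged cross-site POST: the browser attaches the cookies, but the attacker's
    # page cannot read the token cookie, so the header is absent and the POST fails.
    results["csrf_forged"] = handle("POST", "/restaurant/all", {"Cookie": cookie})[0]  # 403
    token = read_cookie(cookie, CSRF_COOKIE) or ""
    results["csrf_ok"] = handle(
        "POST", "/restaurant/all", {"Cookie": cookie, CSRF_HEADER: token}
    )[0]  # 200
    return results


if __name__ == "__main__":
    for step, status in demo().items():
        print(f"{step}: {status}")
```

In a dio client the equivalent of `cookie_header_from_set_cookie` is reading the `set-cookie` response headers after login and placing the result in the `Cookie` request header of the next call; the server-side check in `handle` is what makes the forged POST fail even though the browser sent the cookies along.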