Learn Pain Less

How to set a cookie in the request header in Flutter
Pawneshwer Gupta
August 02, 2020

Cookies are useful because they support flags that can be set to enforce security checks, such as HttpOnly and Secure. With the HttpOnly and Secure flags set, the cookie can't be read by any JavaScript code and is not sent in plain text over HTTP. The cookie is therefore resistant to XSS attacks, as described in the local storage section.

Cookies are, however, susceptible to a different kind of attack called cross-site request forgery (XSRF or CSRF). XSRF means an attacker on a different site can replicate an input form from your site and POST form data to your site. The attacker doesn't have access to the cookie, but cookies are transferred with every HTTP request to the real domain that the cookie is valid for. So the attacker doesn't need to read the cookie; they only need to successfully POST form data to your real site. This is one of the risks with cookies: they are sent with every request, static, AJAX, etc.

There are ways around this, but the main point is that your web server must recognize whether a request is coming from your real website or application running in a browser, or from somebody else. One way to do this is with a hidden anti-forgery token: generate and store a unique random key in the cookie that must also be sent with the POSTed form data. Remember, only your real site can access the cookie; the attacker's site cannot, thanks to the same-origin policy. Your server can then verify that the cookie's token matches the token in the request header. There are other options for protection against XSRF.

Note: If you are looking for certificate-based API call security, you can read How to implement SSL Pinning in your Flutter App.

  • Call the login API without a cookie; the cookie comes back in the response header.
  • Pass that cookie in the request header of further API calls.
  • If the cookie doesn't match on the server, the API call will fail.

In this tutorial I will use the dio library for HTTP calls.

code of api_provider.dart file

code of main.dart file

If we call the /restaurant/all API without a cookie, it returns an error. So we have to call the login API first and read the cookie from its response header. After that, we can send that cookie in the request header of the next API call.
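The flow described above, as an added example; it is not the author's api_provider.dart or main.dart. It assumes dio 5 (interceptor handlers and `DioException`), a placeholder host `api.example.com`, and a hypothetical `/login` path and credential field names; only `/restaurant/all` comes from this page.

```dart
import 'dart:io' show Cookie, HttpHeaders;
import 'package:dio/dio.dart';

/// Added example: stores cookies set by [host] and returns them only to
/// that same host, and only over HTTPS.
class SessionCookieInterceptor extends Interceptor {
  SessionCookieInterceptor(this.host);
  final String host;
  final Map<String, String> _cookies = {}; // cookie name -> value

  @override
  void onResponse(Response response, ResponseInterceptorHandler handler) {
    final setCookies =
        response.headers[HttpHeaders.setCookieHeader] ?? const <String>[];
    if (response.requestOptions.uri.host == host) {
      for (final raw in setCookies) {
        // Keep name=value only; attributes such as Path, HttpOnly and
        // Secure are instructions to the client and are never sent back.
        final cookie = Cookie.fromSetCookieValue(raw);
        _cookies[cookie.name] = cookie.value;
      }
    }
    handler.next(response);
  }

  @override
  void onRequest(RequestOptions options, RequestInterceptorHandler handler) {
    final uri = options.uri;
    // An absolute URL to another host, or a plain-HTTP URL, gets no cookie.
    if (_cookies.isNotEmpty && uri.scheme == 'https' && uri.host == host) {
      options.headers[HttpHeaders.cookieHeader] =
          _cookies.entries.map((e) => '${e.key}=${e.value}').join('; ');
    }
    handler.next(options);
  }
}

Future<void> main() async {
  // Placeholder host; '/login' and the credential fields are assumptions.
  final dio = Dio(BaseOptions(baseUrl: 'https://api.example.com'))
    ..interceptors.add(SessionCookieInterceptor('api.example.com'));
  try {
    // 1. Login goes out without a cookie; the reply carries Set-Cookie.
    await dio.post('/login', data: {'username': 'demo', 'password': 'demo'});
    // 2. The interceptor attaches the Cookie header to this call.
    final restaurants = await dio.get('/restaurant/all');
    print(restaurants.data);
  } on DioException catch (e) {
    // 3. A missing or mismatched cookie is rejected by the server.
    print('Request failed: ${e.response?.statusCode}');
  }
}
```

The cookie lives only in memory here, so the login call has to be repeated after an app restart.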

This is how we can secure API calls in Flutter by sending a cookie in the request header of every API call.
