Learn Pain Less

How to set cookie in header with the request flutter

How cookie helps?

Cookies are often nice as they need certain flags which will be set to enforce security checks like HTTP Only and Secure. By setting HTTP Only and Secure flags, the cookie can’t be read by any Javascript code nor be sent in plain text over HTTP. Thus the Cookie are often resistant to XSS attacks as described within the local storage Section. Cookies are often susceptible to a special sort of attack called cross site request forgery (XSRF or CSRF). XSRF means a hacker on a special site can replicate some input form on your own site and POST form data to our own site. While the hacker doesn’t have access to the cookie, cookies are transferred with every HTTP request to your real domain that the cookie is valid for. Thus, the hacker doesn’t got to read the cookie, it just must successfully POST form data to your real site. this is often one among the risks with cookies. they’re sent for each request, static, AJAX, etc. There are ways around this, but the main purpose is that your web server must recognize whether the request coming from your real website or application running during a browser or somebody else . a method to try to to this is often with a hidden anti-forgery token. a method is to get and store a special random key within the cookie that also must be sent with the POSTed form data. Remember, only your real site can access the cookie but the hacker site cannot thanks to same origin policy. Then your server can verify that cookie’s token matches the token in request header. There are other options for cover on XSRF.

Note: If you are looking for certificates based api call security then you can read How to implement SSL Pinning in your Flutter App

How to set cookie in flutter?

Steps to use cookie:

• Call login api without cookie, and we will get cookie in response header.
• Pass that cookie in request header of further api calls.
• If cookie doesn’t match on server then api call will fail.

In this tutorial i will use dio library for HTTP calls.

code of api_provider.dart file

code of main.dart file

So if we call /restaurant/all api without cookie then it will give error. So we have to call login api first, and we will get Cookie from response header of login api. And after that we can use that Cookie in request header of next api.

So this is how we can secure api calls in flutter using cookies in request header of every api call.