Title: Http-Only Cookie
Last modified: October 15, 2018

---

# Http-Only Cookie

 *  Resolved [gvanastasov](https://wordpress.org/support/users/gvanastasov/)
 * (@gvanastasov)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/http-only-cookie/)
 * Hello fellow devs,
    Got a small question – where can i set the JWT cookie to 
   be http-only? Also is it worth doing so?
 * i can see theres no such option in the plugin code:
    `if ($container === 'cookie'){
   setcookie( 'aam-jwt', $token, time() + $expire, // 3 hours '/', parse_url(get_bloginfo('
   url'), PHP_URL_HOST), is_ssl() ); }
 * Big thanks for the plugin.
 * Br,

Viewing 1 replies (of 1 total)

 *  Plugin Author [AAM Plugin](https://wordpress.org/support/users/vasyltech/)
 * (@vasyltech)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/http-only-cookie/#post-10783331)
 * Hi [@gvanastasov](https://wordpress.org/support/users/gvanastasov/),
 * You are ahead with your question and I have a good answers for you. Yes, you 
   can specify HTTP Only cookie with upcoming AAM 5.5 release that currently you
   can already get with the dev release [https://downloads.wordpress.org/plugin/advanced-access-manager.zip](https://downloads.wordpress.org/plugin/advanced-access-manager.zip)
 * So basically in order to make JWT cookie HTTP Only you can add this Config on
   the ConfigPress tab:
 *     ```
       [aam]
       authentication.jwt.cookie.httpOnly = true
       ```
   

Viewing 1 replies (of 1 total)

The topic ‘Http-Only Cookie’ is closed to new replies.

 * ![](https://ps.w.org/advanced-access-manager/assets/icon-256x256.png?rev=3447421)
 * [Advanced Access Manager – Access Governance for WordPress](https://wordpress.org/plugins/advanced-access-manager/)
 * [Support Threads](https://wordpress.org/support/plugin/advanced-access-manager/)
 * [Active Topics](https://wordpress.org/support/plugin/advanced-access-manager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/advanced-access-manager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/advanced-access-manager/reviews/)

## Tags

 * [cookie](https://wordpress.org/support/topic-tag/cookie/)
 * [jwt](https://wordpress.org/support/topic-tag/jwt/)

 * 1 reply
 * 2 participants
 * Last reply from: [AAM Plugin](https://wordpress.org/support/users/vasyltech/)
 * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/http-only-cookie/#post-10783331)
 * Status: resolved