Meteor cookie & meteor_login_token

Question

Meteor cookie & meteor_login_token

According to docs , Meteor does not use session cookies.

However, what was the meteor_login_token cookie used then? It looks like a session cookie, created after the user has successfully logged in, and then passed it to every request made to the server.

+7

javascript meteor meteor-accounts

yzT Aug 2 '16 at 8:08

source share

1 answer

Hideo · Accepted Answer · 2016-08-09T10:36:09+0000

Meteor definitely does not use cookies.

Do you have additional packages with your application that can add this cookie? For example, fast-render has the ability to retrieve user-related data by sending the same login token using cookies.

If we look at their code , they really have a function that sets a cookie called meteor_login_token .

 function setToken(loginToken, expires) { Cookie.set('meteor_login_token', loginToken, { path: '/', expires: expires }); }

This behavior is described in the readme security section .

If you are not using fast-render , you should definitely check out any additional packages that you have that can add an additional cookie.

Meteor cookie & meteor_login_token

More articles: