Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I check for the existence of an HTTP only cookie with Javascript? [duplicate]

Can I use Javascript to see if an HTTP-only cookie exists, I don't want to see the value, just know whether or not it is there.

I need this because I have an API using cookie based authentication with servicestack, with a client side SPA. I need to know, client side, whether or not I am authenticated.

Is this possible?

like image 253
JMK Avatar asked May 16 '15 15:05

JMK


People also ask

Can you check if HTTPOnly cookie exists in JavaScript?

An HttpOnly cookie cannot be accessed by client-side APIs, such as JavaScript. This restriction eliminates the threat of cookie theft via cross-site scripting (XSS). If the browser allowed you to access it then it would be a defect in the browser.

How do you check if a cookie is HTTP only?

You can determine whether or not a session cookie is missing the HttpOnly flag by checking the domain against https://securityheaders.com. Alternatively, you can validate with the Google Chrome developer tools when examining the HTTP Response header Set-Cookie.

Can JavaScript delete HTTP only cookie?

In order to delete a cookie from JS, therefore, you need to ensure that you are addressing the correct cookie by both name and flag values, and that it doesn't have HTTPOnly flag set, and that you're on a page with a HTTPS certificate. If any of these are not true, you won't be able to edit/delete it.

What is HTTP only cookie JavaScript?

An HttpOnly Cookie is a tag added to a browser cookie that prevents client-side scripts from accessing data. It provides a gate that prevents the specialized cookie from being accessed by anything other than the server.


1 Answers

No.

HTTP-only cookies are not exposed to the JS in any way. That is the point of the HTTP-only flag.

like image 88
Quentin Avatar answered Oct 03 '22 00:10

Quentin