Check if httponly cookie exists in Javascript

As the question says, can you find out if a cookie exists within JavaScript if it is HttpOnly? I don't need to access the information inside of it, just know it has one.

A little more information on the situation is that there was originally a web server which used a cookie as an authentication token, and it was set to httponly as it was not used by the client so it added to the security.

However, now there is a change needed where the client needs to know if it has the cookie (as the site can work without the user being logged in, but if they are logged in (the auth cookie would exist) the site needs to display certain things and hide others).

There are other security precautions in place on the web server so there is no harm in the scenario where the client has an incorrect auth cookie, but the site makes it look like they are logged in, as it would delete the cookie and reject the user.

Grofit asked Feb 19 '12 21:02



1 Answer

You can indirectly check to see if it exists by trying to set it to a value with JavaScript; if it can't be set, then the HttpOnly cookie must be there (or the user is blocking cookies).

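    function doesHttpOnlyCookieExist(cookiename) {
      // Try to overwrite the cookie with a value that expires in one second.
      var d = new Date();
      d.setTime(d.getTime() + (1000));
      var expires = "expires=" + d.toUTCString();

      document.cookie = cookiename + "=new_value;path=/;" + expires;
      // A script write over an HttpOnly cookie is ignored, so the name stays invisible.
      return document.cookie.indexOf(cookiename + '=') == -1;
    }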
Eric Labashosky answered Sep 18 '22 15:09
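
A variant of the probe in the answer above, as an added example that is not part of the original answer: it writes a canary cookie first, so blocked cookies are reported as 'unknown' instead of being mistaken for an HttpOnly cookie, and it matches the cookie name exactly. The names `probeHttpOnlyCookie`, `hasCookie`, `expire` and the `__probe_` canary prefix are hypothetical, and it assumes the HttpOnly cookie was set with `path=/` on the same host, as the answer's code does.

```javascript
// Added example; function names and the canary prefix are hypothetical.

// Exact-name lookup. indexOf(name + '=') would also match "xauth=" for "auth".
function hasCookie(doc, name) {
  return doc.cookie.split(';').some(function (pair) {
    return pair.trim().split('=')[0] === name;
  });
}

// Remove a script-writable cookie by setting an expiry date in the past.
function expire(doc, name) {
  doc.cookie = name + '=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT';
}

// Returns 'present' (an HttpOnly cookie with this name exists),
// 'absent' (none exists, or the cookie is script-readable), or
// 'unknown' (script cannot write cookies at all, so the probe proves nothing).
function probeHttpOnlyCookie(name, doc) {
  doc = doc || document; // `doc` is injectable so the logic can be tested
  if (hasCookie(doc, name)) return 'absent'; // readable, hence not HttpOnly

  // Canary write: tells "cookies are blocked" apart from "write was refused".
  var canary = '__probe_' + Date.now();
  doc.cookie = canary + '=1; path=/';
  var writable = hasCookie(doc, canary);
  expire(doc, canary);
  if (!writable) return 'unknown';

  // Same path as the assumed HttpOnly cookie; the browser drops this write
  // when an HttpOnly cookie with the same name, domain and path exists.
  doc.cookie = name + '=probe; path=/';
  if (hasCookie(doc, name)) {
    expire(doc, name); // clean up the probe value we just created
    return 'absent';
  }
  return 'present';
}
```

A browser ignores the script write only when name, domain and path all match the HttpOnly cookie, so a cookie set under a different path yields 'absent'.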