There is something I really don't understand here:
I have express running on server-side, with session initialized.
app.use(express.session({
  secret: 'mySecret'
}));
As mentioned in this post, Confusion over session IDs using Connect, it sends a connect.sid cookie to any request.
On the client-side, I want to read the content of this cookie, and it feels impossible:
angular.module('myApp.controllers', ['ngCookies', 'myApp.services'])
  .controller('homeCtrl', function($scope, $cookies) {
    $cookies['test'] = 'myValue';
    console.log($cookies);
  });
When I run this, I get this object in the log: Object {test: "myValue"}, whereas if I go to the Resources tab in the Chrome debugger, I can see both cookies.
What am I doing wrong?
Is it impossible to access server-made cookies from Angular?
Thanks
By default, connect session uses an httpOnly cookie (look here).
Reading the cookie is always forbidden when the httpOnly flag is set.
Try to disable the httpOnly flag:
app.use(express.session({
  secret: 'mySecret',
  cookie: { httpOnly: false }
}));
Be careful that you are not fixing one problem but creating another, worse problem. The httpOnly flag is usually used to defend against XSS attacks. See this link at OWASP for more details: https://www.owasp.org/index.php/HttpOnly
Interesting story about this here: http://blog.codinghorror.com/protecting-your-cookies-httponly/
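Added example (not from the question, the answer or the comment above): a small Node.js model of which cookies a browser lists to page script, with a check that reports a session cookie that script could read. The `uiLocale` cookie, the header values and the function names are constructed for illustration.

```javascript
// Added example. Models which cookies page script (document.cookie, and so
// Angular's $cookies) can see. All header values below are constructed.

// Parse one Set-Cookie header value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  if (eq < 1) return null; // malformed: no cookie name
  const flags = attrs.map((a) => a.split('=')[0].trim().toLowerCase());
  return {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: flags.includes('httponly'), // attribute names are case-insensitive
  };
}

// Cookies a browser would list in document.cookie for these headers.
// HttpOnly cookies are still stored and sent on requests, just never listed.
function scriptVisibleCookies(setCookieHeaders) {
  const visible = {};
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (cookie && !cookie.httpOnly) visible[cookie.name] = cookie.value;
  }
  return visible;
}

// Defender's check: names of session cookies that script could read.
function exposedSessionCookies(setCookieHeaders, sessionNames = ['connect.sid']) {
  const visible = Object.keys(scriptVisibleCookies(setCookieHeaders));
  return sessionNames.filter((name) => visible.includes(name));
}

// Constructed responses: default session cookie vs. httpOnly: false.
const SID = 'connect.sid=s%3Aconstructed-id.constructed-sig; Path=/';
const defaultHeaders = [SID + '; HttpOnly', 'uiLocale=en; Path=/'];
const weakenedHeaders = [SID, 'uiLocale=en; Path=/'];

console.log(scriptVisibleCookies(defaultHeaders));   // session id not listed
console.log(exposedSessionCookies(weakenedHeaders)); // session id is listed
```

Values the client genuinely needs can travel in a separate cookie without the HttpOnly attribute, as `uiLocale` does here, while the session identifier stays unreadable to script.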