
How do I / can I access a sessionid cookie through JavaScript?

I've installed the cookie extension for jquery, and am attempting to access the session id cookie.

I currently have two cookies for my session - see screenshot below:

cookie screen shot

However, $.cookie() only lists one:

> $.cookie()
Object {csrftoken: "fFrlipYaeUmWkkzLrQLwepyACzTfDXHE"}
> $.cookie('sessionid')
undefined

Can I / how do I access the sessionid cookie from JavaScript?

blueberryfields asked Dec 25 '22 19:12


1 Answer

The session id cookie should be marked as HTTP Only, preventing access from JavaScript. This is a security issue, preventing session hijacking via an XSS vulnerability.

You can see in your screenshot that the cookie is indeed marked as HTTP.


If you want to learn more about the flag see here. Originally implemented by IE, most browsers support the flag nowadays, and session cookies not marked http-only are considered a security flaw. Also see here.

Jason P answered Dec 28 '22 10:12
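Added example, not part of the original question or answer: a Node.js sketch that parses `Set-Cookie` headers, models which cookies a browser exposes to page script (HttpOnly cookies are left out of `document.cookie`, which is what `$.cookie()` reads), and reports sensitive cookies that script could still read. The header values, the function names and the list of sensitive names are assumptions made for illustration.

```javascript
// Constructed sample Set-Cookie headers (values are made up, not from the page).
const sampleHeaders = [
  "csrftoken=EXAMPLECSRFTOKEN; Path=/; SameSite=Lax",
  "sessionid=EXAMPLESESSIONID; Path=/; HttpOnly; SameSite=Lax",
];

// Parse one Set-Cookie header into name, value and a Map of attributes.
// Attribute names are case-insensitive, so they are stored in lowercase.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) throw new Error("malformed Set-Cookie header: " + header);
  const attrs = new Map();
  for (const part of rest) {
    if (!part) continue; // tolerate a trailing ';'
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs.set(key, i === -1 ? true : part.slice(i + 1));
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Cookies that page script can read: everything without the HttpOnly flag.
function scriptVisible(headers) {
  const visible = new Map();
  for (const c of headers.map(parseSetCookie)) {
    if (!c.attrs.has("httponly")) visible.set(c.name, c.value);
  }
  return visible;
}

// Names from sensitiveNames that script can read, i.e. that an XSS payload
// running in the page could also read. An empty result is the goal.
function readableSensitive(headers, sensitiveNames) {
  const visible = scriptVisible(headers);
  return sensitiveNames.filter((name) => visible.has(name));
}

console.log("visible to script:", [...scriptVisible(sampleHeaders).keys()]);
console.log("sensitive but readable:", readableSensitive(sampleHeaders, ["sessionid"]));
```

With the sample headers only `csrftoken` is visible to script, matching the console output in the question.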