I have tried to set a cookie using document.cookie = "tagname = test; secure"
but this does not set the secure flag. Am I setting it wrong? Can you only set it from a server response? I am also wondering that, because I have had a difficult time finding an example of its use, that it probably is not commonly used?
Thanks a bunch!
Secure as in the cookie cannot be read by Javascript running in the browser — ie. document. cookie will not work. Known as the "HttpOnly" flag.
JavaScript can create, read, and delete cookies with the document.
The Secure flag is used to declare that the cookie may only be transmitted using a secure connection (SSL/HTTPS). If this cookie is set, the browser will never send the cookie if the connection is HTTP. This flag prevents cookie theft via man-in-the-middle attacks.
TL:DR
document.cookie = "tagname = test;secure";
You have to use HTTPS to set a secure attribute
The normal (or formal, maybe) name is attribute. Since the flag refers to other things.
More Info
Secure - Cookie will be sent in HTTPS transmission only.
HttpOnly- Don't allow scripts to access cookie. You can set both of the Secure and HttpOnly.
Domain- specify the hosts to which the cookie will be sent.
Path - create scopes, cookie will be sent only if the path matches.
Expires - indicates the maximum lifetime of the cookie.
More details and practical usages. Check Testing_for_cookies_attributes_(OTG-SESS-002)
UPDATES The following contents expire in June 2, 2016.
Cookie flags are prefixes. At the moment, they are described in the RFC draft as a update to the RFC6265
These flags are used with the 'secure' attribute.
__Secure-
The dash is a part of the prefix. This flag tells the browser, the cookie should only be included in 'https'.
__Host-
A cookie with this flag
must not have 'domain' attribute, it will be only sent to the host which set it.
Must have a 'path' attribute, that is set to '/', because it will be sent to the host in every request from the host.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With