Session cookie not available in document.cookie

I can see the cookie is being transmitted via Chrome Network inspector:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:rack.session=BAh7B8kiD3Nlc3Npb25faWQGOgZFRiJFMmYwOTZmZGY1NDEzNGVhYWJhYjcz%0ANmUzYmE5NzYyZmRmM2EyYjk4YWNlNzYzNjdkOGI5MDFiNTU3MDg0NWUzY0ki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItMjVhMmFj%0AZDI5zWU2NTJkY2QyMzA4MzI3NmYxNTk2YjU2ZjBkNmUwNkkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0Nw%3D%3D%0A--82a2216513ed8ce3bbcd0f2fe2162e7c40847499; test=whee
Host:0.0.0.0:4567
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

But when I dump document.cookie to the console I don't see it! Entire contents of served file:

<script type="text/javascript">
    console.log(document.cookie)
</script>

Is this normal?

jchook asked Feb 01 '13 06:02

People also ask

Can't access cookies from document cookie in JS but browser shows cookies exist?

You are most likely dealing with HttpOnly cookies. HttpOnly is a flag you can set on cookies meaning they cannot be accessed by JavaScript. This is to prevent malicious scripts from stealing cookies with sensitive data or even entire sessions.

Is session dependent on cookie?

Sessions are cookie-dependent, whereas cookies are not dependent on sessions. The session ends when the user closes the browser or logs out of the application, whereas cookies expire at the set time. A session can store as much data as a user wants, whereas cookies have a limited size of 4 KB.

Is session independent of cookies by default?

By default, SessionID values are stored in a cookie. However, you can also configure the application to store the SessionID value in the URL for a "cookieless" session.


1 Answer

HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client-side script accessing the protected cookie (if the browser supports it).

Alfred Zhao answered Oct 06 '22 00:10
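To make the answer concrete, here is an added example (not part of the original question or answer) that models the browser's two views of its cookie jar: the Cookie request header, which carries every stored cookie, and document.cookie, which omits anything flagged HttpOnly. The Set-Cookie values are constructed; the session value is a placeholder, and the assumption that Rack's cookie session sets HttpOnly by default is what explains the behaviour seen in the question.

```ruby
# Constructed model of browser cookie handling, showing why a cookie that is
# visible in the Network inspector's Cookie header can be absent from
# document.cookie: HttpOnly restricts script access, not transmission.

Cookie = Struct.new(:name, :value, :http_only)

# Parse one Set-Cookie header value; attributes other than HttpOnly are
# ignored because they do not affect script visibility.
def parse_set_cookie(header)
  parts = header.split(";").map(&:strip)
  name, value = parts.shift.split("=", 2)
  attrs = parts.map(&:downcase)
  Cookie.new(name, value, attrs.include?("httponly"))
end

# The Cookie request header the browser sends back: every stored cookie,
# HttpOnly or not (this is what the Network inspector shows).
def cookie_request_header(jar)
  jar.map { |c| "#{c.name}=#{c.value}" }.join("; ")
end

# What document.cookie exposes to JavaScript: only non-HttpOnly cookies.
def document_cookie(jar)
  jar.reject(&:http_only).map { |c| "#{c.name}=#{c.value}" }.join("; ")
end

# Constructed Set-Cookie headers as a Rack/Sinatra app would emit them.
# Rack::Session::Cookie sets HttpOnly by default (assumption stated in the
# lead-in); "test" is a plain cookie set without the flag.
RESPONSE_SET_COOKIES = [
  "rack.session=SESSION_PLACEHOLDER; path=/; HttpOnly",
  "test=whee; path=/"
].freeze

def demo_jar
  RESPONSE_SET_COOKIES.map { |h| parse_set_cookie(h) }
end

if __FILE__ == $PROGRAM_NAME
  jar = demo_jar
  puts "Cookie: #{cookie_request_header(jar)}"     # both cookies present
  puts "document.cookie: #{document_cookie(jar)}"  # only test=whee
end
```

If you need the session cookie readable by script, the fix is to turn HttpOnly off deliberately in the session middleware options, accepting that any injected script can then read it; checking the Set-Cookie header in the Network inspector's Response Headers tab confirms which flags were actually sent.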