jchook
Reputation: 7220
Session cookie not available in document.cookie
I can see the cookie is being transmitted via Chrome Network inspector:
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:rack.session=BAh7B8kiD3Nlc3Npb25faWQGOgZFRiJFMmYwOTZmZGY1NDEzNGVhYWJhYjcz%0ANmUzYmE5NzYyZmRmM2EyYjk4YWNlNzYzNjdkOGI5MDFiNTU3MDg0NWUzY0ki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItMjVhMmFj%0AZDI5zWU2NTJkY2QyMzA4MzI3NmYxNTk2YjU2ZjBkNmUwNkkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0Nw%3D%3D%0A--82a2216513ed8ce3bbcd0f2fe2162e7c40847499; test=whee
Host:0.0.0.0:4567
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17
But when I dump document.cookie to the console I don't see it! Entire contents of served file:
<script type="text/javascript">
console.log(document.cookie)
</script>
Is this normal?
Upvotes: 10
Views: 3034
Answers (1)
Alfred Zhao
Reputation: 134
HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).
Upvotes: 8
Related Questions
- How to get session cookie
- Can't access cookies from document.cookie in JS, but browser shows cookies exist
- Why isn't document.cookie getting set?
- Why doesn't document.cookie show all the cookie for the site?
- Why some cookie cannot get from document.cookie?
- document.cookie is not returning all the cookies
- Get cookie not listed in docuement.cookie
- document.cookie not storing cookie?
- document.cookie not working
- Can't access a cookie using document.cookie in JS