jQuery JavaScript is there a method of listening to cookies changing

Question

Yea, not really sure what kind of title to give this. But I had a random thought just now, and I don't even know if its possible, I'd guess not but Hopefully someone can definitively tell me yes/no.

The overall question comes from the concept of listening to events in the DOM, which got me to thinking is it possible with a cookie. Knowing that I have my cookie stored as a variable generally speaking when the page loads. I can compare it to something on the event it changes. What I have is 2 cookies that shouldnt change ever unless they are being removed by the script. So I want to listen to them, see if they change like lets say a user goes into there browser and changes the value somehow. If that happens I'd like to do something based on that.

I know I can't do anything about them physically changing anything through something like the browser of firebug or other console. But, the hope is to know

var myCookie = the cookie;

when the page loads, so if it is possible to monitor a change I could use myCookie to compare it to make sure the variable at page load is the same as the one attempting to be used now.

So is that even remotely possible? is there a method of listening to a cookie change like there is for most DOM elements or is it a pipe dream and a security issue from a browser level that can't be monitored?

Answer 1

There is no way to know when a cookie has been changed outside of the lifetime of your page. Your page code isn't even running when your page isn't loaded so cookies could be changed as much as anyone wants and none of your code would be running in order to monitor such a change, even if such events existed.

The possible alternative solutions I can think of are:

1. Store the data server-side where you control the safety and security of the storage. You would either need a login system or you could uniquely cookie the browser (like shopping carts do) so you would know which server-side data belongs to this browser. Then, the user never has a chance to modify the data without you being involved.
2. Store the data in multiple places and then compare the value from each place. This doesn't prevent the determined hacker from eventually figuring out your system, but it makes it a lot more difficult than just editing a cookie value. For example, you could store the value in a couple of cookies and in local storage. It's even possible store cookie-like stuff in flash. Note, this is obscuration more than actual security, but it could foil anyone but the really determined hacker.
3. Encrypt and checksum the data so it isn't easy to edit without you determining that it's been edited or without someone first figuring out your encryption or checksum algorithms. Again, this is obscuration, but it prevents casual cookie editing.

Storing the data on your server is the only option that allows real security.

---

If you just want to see if the cookie is being changed while your page is loaded, then you can simply load the cookie value at page load time into a variable and then periodically poll the cookie value with setInterval() to see if it has been modified. Or, if you only want to know if it's been modified at certain points of execution in your page (like before a form submit), you can just check the current cookie value vs. your original variable at those points in time.