Reputation: 3913
Is there a security issue with using javascript to manipulate cookies?
I have an alert box that displays updates processed in php to the user just like this site. I want to make it so that if the user closes the box, then it will not pop up for another 5 minutes (unless they check the messages then it will not pop up because the entries that cause the pop up are deleted in the database). On the close of the box I was thinking of giving the user a javascript cookie, since the alert box is done in javascript. I was wondering if this was a bad coding practice, since I am kind of unfamiliar with cookies and was warned against them before. If anyone has any advice or can recommend a better way, I would really appreciate it.
Upvotes: 3
Views: 174
Answers (2)
Reputation: 44792
There is nothing "bad" about using javascript cookies. You need to be aware that the user can change them at will; but they can change non-javascript cookies too so I don't see what's the problem.
The problem you've been hearing about is probably getting (instead of setting) the cookies through javascript; if the content of the cookie is confidential (such as a password) then this becomes a problem with cross-site scripting.
None of that applies to you. Use your javascript cookie!
Upvotes: 1
Reputation: 38533
Here is a great post on codinghorror.com about securing cookies, "Protecting Your Cookies: HttpOnly"
Upvotes: 0
Related Questions
- Javascript Cookies - Can they be accessed by a server side scripting language, visa versa?
- how to manipulate cookie with js
- Is letting users access cookies through javascript a security issue
- use of cookies in javascript
- Cookies with JavaScript
- Can a cookie that was generated with Javascript (not send in the header by the server) be stolen / used by an attacker?
- JavaScript & Cookies
- Using Javascript cookies in Java
- Dynamically manipulate php cookies with javascript/jquery
- Handling Javascript Cookies