user3015541
Reputation: 357
Hide cookies from document.cookie
I opened cookie browser for firefox, I noticed that my localhost(php/apache) has a cookie named sessid. But when I tried
document.cookie
in the browser, the result is "", how is that possible?
Upvotes: 3
Views: 2672
Answers (1)
MrTux
Reputation: 34042
Cookies created by some server side application (or PHP) can be marked as httpOnly. Then these cookies are not visible to javascript on client side, however, the cookies are still transmitted in http(s) requests.
PHP Session cookies are marked as httpOnly, thus, you cannot access them using document.cookie.
The reason for this feature was to mitigate some cross-site scripting attacks (cookie stealing).
Upvotes: 4
Related Questions
- Cookie (document.cookie)
- Disable cookies on page load with Javascript
- Disable cookies until consented
- How can Javascript be prevented from accessing PHP cookie data?
- Hide code if there is a cookie
- Show cookies in php
- jQuery hide cookie
- Alternative for document.cookie in JavaScript
- Hide div cookies javascript issue
- cookie in javascript and php