Reputation: 8881
Samesite cookie attribute not being set using javascript
I am trying to set SameSite attribute using javascript on my site . The code is
<script type="text/javascript">
document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;HttpOnly;SameSite=Lax";
</script>
The cookie is being set but the SameSite attribute is not being set. Any idea where am I missing?
Thanks
Upvotes: 27
Views: 80571
Answers (2)
Reputation: 7467
You can not set HttpOnly flag via JavaScript API document.cookie. Flag HttpOnly can be set only via cookie header in server response. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies Cookies created via JavaScript cannot include the HttpOnly flag.
You wrote The cookie is being set but the SameSite attribute is not being set but I think it is not truth. Cookie set via JS with attribute HttpOnly is rejected at all or maybe some browser set it but ignore HttpOnly flag - so finally your cookie is not HTTP only.
Upvotes: 12
Reputation: 1362
Your problem is not with SameSite, but with HttpOnly. HttpOnly and SameSite are 2 independent things, if you remove HttpOnly it will be working… and cookie will be set with SameSite.
<script>
document.cookie = "AC-C=ac-c;expires=Fri, 31 Dec 9999 23:59:59 GMT;path=/;SameSite=Lax";
alert( document.cookie );
</script>
Upvotes: 27
Related Questions
- JS - How to update cookies to samesite none
- Create cookie with samesite: "Lax"
- Is there a way to add samesite value to a cookie in jquery?
- js-cookie with sameSite None & secure
- A cookie associated with a cross-site resource was set without the `SameSite` attribute
- SameSite attribute in cookies
- Javascript to exploit cookies with samesite attribute?
- cookie not setting as expected
- Cookies setted by JavaScript in one page not showing in another page
- JavaScript Cookies are not being set