Why some cookie cannot get from document.cookie?

Question

I'm using document.cookie go get cookie value of website, but it cannot get all cookie values. Example session cookie sid, I can see it in Google Chrome Cookie Manager, but cannot get value by javascript.

How I can set cookie by javascript but it does not display in document.cookie (still send these value to server in request header)?

Answer 1

Also make sure that the cookie you are trying to access is in the scope of the document from where you are trying to access the cookie.

The Domain and Path directives define thescope of the cookie: what URLs the cookies should be sent to.

Domain specifies allowed hosts to receive the cookie. If unspecified, it defaults to the host of the current document location, excluding subdomains. If Domain is specified, then subdomains are always included.

For example, if Domain=mozilla.org is set, then cookies are included on subdomains like developer.mozilla.org.

Path indicates a URL path that must exist in the requested URL in order to send the Cookie header. The %x2F ("/") character is considered a directory separator, and subdirectories will match as well.

For example, if Path=/docs is set, these paths will match:

/docs

/docs/Web/

/docs/Web/HTTP

source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Scope_of_cookies

Answer 2

Answer copied from github: https://github.com/expressjs/session/issues/274#issuecomment-185308426

Your cookie is likely set to httponly: true. This is the default value. If you, or anyone else reading this doesn't already know, it can be unnecessary and a bad decision to set this value to false. Search for "httponly cookie" and you'll find some good explanations of why you wouldn't want Javascript to have access to cookies.