6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"I can view httpOnly cookies in browser\",\"text\":\"

I thought that httpOnly cookies were only available to read in a http request. However, when I open up Firefox dev tools, I can see the cookies' value. Is this normal?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"sebastianTheCoder\"},\"upvoteCount\":5,\"answerCount\":2,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Yes, that’s normal.you can access the cookies using the devtool.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Sagor Mainul\"},\"upvoteCount\":0}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","javascript",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/javascript/1","children":"javascript"}]}],["$","span","reactjs",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/reactjs/1","children":"reactjs"}]}],["$","span","cookies",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/cookies/1","children":"cookies"}]}],["$","span","next.js",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/next.js/1","children":"next.js"}]}],["$","span","web-development-server",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/web-development-server/1","children":"web-development-server"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/eccf67a926c6b0e31b06047f0ef217b7?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"sebastianTheCoder","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/15926030/sebastianthecoder","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"sebastianTheCoder"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",197]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"I can view httpOnly cookies in browser"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I thought that httpOnly cookies were only available to read in a http request. However, when I open up Firefox dev tools, I can see the cookies' value. Is this normal?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",5]}],["$","p",null,{"children":["Views: ",3925]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",2,")"]}],[["$","div","73669477",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/rUGyDoBk.png?s=256","alt":"Sagor Mainul","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/15659806/sagor-mainul","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Sagor Mainul"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",22]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Yes, that’s normal.you can access the cookies using the devtool.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}],["$","div","73669442",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/3d5ccb4452ea5093f95c1da37acc764b?s=256&d=identicon&r=PG&f=y&so-version=2","alt":"CertainPerformance","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/9515207/certainperformance","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"CertainPerformance"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",371108]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Yes, that's normal. What HttpOnly does is it prevents cookies from being accessible to JavaScript, which makes impossible to tamper with programatically (on the client). You can still access it manually through the browser's devtools. (If you weren't, it'd be quite difficult to debug issues with them, after all.)

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",10]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","65160156",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/65160156","className":"text-blue-600 hover:underline","children":"Remove Cookies and Sign out server-side in Next.js"}]}],["$","li","68991816",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/68991816","className":"text-blue-600 hover:underline","children":"Cookies.get() is undefined"}]}],["$","li","60168695",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/60168695","className":"text-blue-600 hover:underline","children":"How to include cookies with fetch request in Nextjs"}]}],["$","li","57479576",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/57479576","className":"text-blue-600 hover:underline","children":"How to read cookies with react?"}]}],["$","li","44107665",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/44107665","className":"text-blue-600 hover:underline","children":"How to access a browser cookie in a react app"}]}],["$","li","72796633",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/72796633","className":"text-blue-600 hover:underline","children":"next.js trouble with cookies"}]}],["$","li","71648090",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/71648090","className":"text-blue-600 hover:underline","children":"cant read cookie in nextjs ssr"}]}],["$","li","62099945",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/62099945","className":"text-blue-600 hover:underline","children":"login and authentication in nextjs with httponly cookies"}]}],["$","li","66925744",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/66925744","className":"text-blue-600 hover:underline","children":"Cookies not being stored in browser"}]}],["$","li","64936051",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/64936051","className":"text-blue-600 hover:underline","children":"how to read a cookie from browser in nextjs api"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

I can view httpOnly cookies in browser

Answers (2)

Related Questions