I am wondering if there is an existing trick to filter on the cookies. I need to get the session cookies only and to discard the other. The usual way to read cookies using Javascript is:

document.cookie

However this prints all the cookies, my goal here is to get the session cookies only. I know that unlike "normal" cookies a session cookie has an expiration date.

Does anyone have a code sample to achieve this session cookies extraction?

Best, Alexandre

I am wondering if there is an existing trick to filter on the cookies. I need to get the session cookies only and to discard the other. The usual way to read cookies using Javascript is:

document.cookie

However this prints all the cookies, my goal here is to get the session cookies only. I know that unlike "normal" cookies a session cookie has an expiration date.

Does anyone have a code sample to achieve this session cookies extraction?

Best, Alexandre

• javascript
• session
• cookies

• learn about cookies here – Jaromanda X Commented Feb 15, 2016 at 9:03
• Nothing in the cookie specification allows to tag a cookie as "session cookie". It's just a convention used by server-side apps. And you should find endless libraries/functions/snippets in your favourite search engine to read cookies by name. – Álvaro González Commented Feb 15, 2016 at 9:04
• @JaromandaX that does not answer my question. There is nothing in this link on how to get the session cookies only. ;) – Alexandre Commented Feb 15, 2016 at 9:06
• sure, but you've shown no knowledge of cookies at all – Jaromanda X Commented Feb 15, 2016 at 9:07
• @ÁlvaroGonzález I do not know the cookie names that it is the problem, I want to grab the session cookies no matter the domain my JS scripts runs on. I know that it might be a way to capture the cookies with an expiration date, but how? – Alexandre Commented Feb 15, 2016 at 9:08

1 Answer 1

A "session cookie" is a normal cookie. It may (or may not) have an expiration date but nothing prevents other cookies to have an expiration date as well. The only reliable way to identify a session cookie is if you know its name (this is website-dependent of course, but isn't a problem if this is your website).

Also, you have no way of knowing a cookie's expiration date from Javascript.

Now document.cookie gives you all cookies as a semi-colon delimited string. You just need to break it down on semi-colons to retrieve the key-value pairs. So here's a sample code to look for a cookie given its name:

var getCookie = function(name) {
    var cookies = document.cookie.split(';');
    for(var i=0 ; i < cookies.length ; ++i) {
        var pair = cookies[i].trim().split('=');
        if(pair[0] == name)
            return pair[1];
    }
    return null;
};

If you don't know the session cookie's name you're out of luck. Period. You could maybe find clever heuristics to determine which one it is (based on the form of name and/or value), but nothing can tell you exactly for all websites with 100% confidence which cookie is the session cookie, and if there is one at all.