最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客

javascript - Session cookie not available in document.cookie - Stack Overflow

programmeradmin5浏览0评论

I can see the cookie is being transmitted via Chrome Network inspector:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:rack.session=BAh7B8kiD3Nlc3Npb25faWQGOgZFRiJFMmYwOTZmZGY1NDEzNGVhYWJhYjcz%0ANmUzYmE5NzYyZmRmM2EyYjk4YWNlNzYzNjdkOGI5MDFiNTU3MDg0NWUzY0ki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItMjVhMmFj%0AZDI5zWU2NTJkY2QyMzA4MzI3NmYxNTk2YjU2ZjBkNmUwNkkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0Nw%3D%3D%0A--82a2216513ed8ce3bbcd0f2fe2162e7c40847499; test=whee
Host:0.0.0.0:4567
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

But when I dump document.cookie to the console I don't see it! Entire contents of served file:

<script type="text/javascript">
    console.log(document.cookie)
</script>

Is this normal?

I can see the cookie is being transmitted via Chrome Network inspector:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Cookie:rack.session=BAh7B8kiD3Nlc3Npb25faWQGOgZFRiJFMmYwOTZmZGY1NDEzNGVhYWJhYjcz%0ANmUzYmE5NzYyZmRmM2EyYjk4YWNlNzYzNjdkOGI5MDFiNTU3MDg0NWUzY0ki%0ADXRyYWNraW5nBjsARnsISSIUSFRUUF9VU0VSX0FHRU5UBjsARiItMjVhMmFj%0AZDI5zWU2NTJkY2QyMzA4MzI3NmYxNTk2YjU2ZjBkNmUwNkkiGUhUVFBfQUND%0ARVBUX0VOQ09ESU5HBjsARiItZWQyYjNjYTkwYTRlNzIzNDAyMzY3YTFkMTdj%0AOGIyODM5Mjg0MjM5OEkiGUhUVFBfQUNDRVBUX0xBTkdVQUdFBjsARiItY2M5%0AZjZmZWM2NTJhNDI1OGJjNmQyOTI4NzA1MjE3OWFiMWUwZDE0Nw%3D%3D%0A--82a2216513ed8ce3bbcd0f2fe2162e7c40847499; test=whee
Host:0.0.0.0:4567
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

But when I dump document.cookie to the console I don't see it! Entire contents of served file:

<script type="text/javascript">
    console.log(document.cookie)
</script>

Is this normal?

Share Improve this question asked Feb 1, 2013 at 6:48 jchookjchook 7,2605 gold badges41 silver badges44 bronze badges 4
  • 6 Cookie is most likely http-only – Explosion Pills Commented Feb 1, 2013 at 6:50
  • 2 sometimes sites sites dont want their cookies to be accessed by javascript. so the httponly flag is set to disable it – Shurmajee Commented Feb 1, 2013 at 6:53
  • Would it be insecure to allow javascript to access my session cookie and then store it in localStorage? – jchook Commented Feb 2, 2013 at 0:27
  • 1 I see it is a rack app, which makes me guess it is a Rails application which sets cookies to httponly by default. Explosion Pills, I would remend putting your response as an answer so that it can be accepted. jchook, if you're interested in learning more, I believe this is a quick and easy place to start understanding them: codinghorror./blog/2008/08/… – whoughton Commented Nov 23, 2013 at 15:10
Add a ment  | 

1 Answer 1

Reset to default 8

HttpOnly is an additional flag included in a Set-Cookie HTTP response header. Using the HttpOnly flag when generating a cookie helps mitigate the risk of client side script accessing the protected cookie (if the browser supports it).

发布评论

评论列表(0)

  1. 暂无评论