Answers for "http only cookie javascript"

Go
9

how to get httponly cookie in javascript

The whole point of HttpOnly cookies is that they can't be accessed by JavaScript.

The only way (except for exploiting browser bugs) for your script to read them
is to have a cooperating script on the server that will read the cookie value
and echo it back as part of the response content. But if you can and would do
that, why use HttpOnly cookies in the first place?
Posted by: Guest on November-10-2021
0

http only cookie

- If the HttpOnly flag (optional) is included in the HTTP response header,
the cookie cannot be accessed through client-side script (again if the
browser supports this flag).
- As a result, even if a cross-site scripting (XSS) flaw exists, and a user
accidentally accesses a link that exploits this flaw, the browser (primarily
Internet Explorer) will not reveal the cookie to a third party.

- If a browser does not support HttpOnly and a website attempts to set an HttpOnly cookie,
the HttpOnly flag will be ignored by the browser, thus creating a traditional,
script-accessible cookie.
- As a result, the cookie (typically your session cookie)
becomes vulnerable to theft or modification by malicious script. "Mitigating".
Posted by: Guest on June-14-2021
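
The behaviour both answers describe, as an added example that is not part of either answer: a small model of how a browser treats the HttpOnly attribute, plus a check for cookies that scripts could read. The cookie names and values are constructed, and the model deliberately ignores Path, Domain, Secure and expiry matching.

```javascript
// Constructed sample: Set-Cookie header values as a server might send them.
const SAMPLE_SET_COOKIE = [
  "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
  "theme=dark; Path=/",
  "csrf_hint=xyz; Path=/; httponly", // attribute names are case-insensitive
];

// Parse one Set-Cookie value into { name, value, httpOnly }.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // this sketch does not model nameless cookies
  const httpOnly = attrs.some((a) => a.toLowerCase() === "httponly");
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly };
}

function buildJar(headers) {
  return headers.map(parseSetCookie).filter(Boolean);
}

// What a page script would read from document.cookie:
// cookies marked HttpOnly are withheld from script.
function scriptVisible(jar) {
  return jar
    .filter((c) => !c.httpOnly)
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// What the browser attaches to the next HTTP request:
// every cookie, HttpOnly ones included.
function requestCookieHeader(jar) {
  return jar.map((c) => `${c.name}=${c.value}`).join("; ");
}

// Defensive check: names of cookies a script could read, for example
// to flag a session cookie that was sent without HttpOnly.
function missingHttpOnly(headers) {
  return buildJar(headers).filter((c) => !c.httpOnly).map((c) => c.name);
}

const jar = buildJar(SAMPLE_SET_COOKIE);
console.log("document.cookie ->", scriptVisible(jar));
console.log("Cookie header   ->", requestCookieHeader(jar));
console.log("no HttpOnly     ->", missingHttpOnly(SAMPLE_SET_COOKIE));
```

The server still receives the HttpOnly cookies on every request, which is why the only way for a script to see the value is for the server to echo it back.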
