If I create the function:

```javascript
function setCookie(name, value)
{
    // this works:
    // document.cookie=name + "=" + escape(value) + "; path=/;";
    // this does not:
    // document.cookie=name + "=" + escape(value) + "; path=/; secure; HttpOnly; SameSite=strict";
}
setCookie('my_cookie','some_random_value');
```

I am not 100% on why this second option is not working. Any ideas anyone?
asked Mar 31, 2021 at 16:48 by simlpymarkb; edited Mar 31, 2021 at 16:51 by Barmar

Comments:
- You can't create an HTTP-only cookie on the client. By definition it can only be created using HTTP from the server. – Barmar, Mar 31, 2021 at 16:50
- Does this answer your question? Set a cookie to HttpOnly via Javascript – Heretic Monkey, Mar 31, 2021 at 16:53

1 Answer
See MDN:
A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API; it is sent only to the server. For example, cookies that persist server-side sessions don't need to be available to JavaScript, and should have the HttpOnly attribute. This precaution helps mitigate cross-site scripting (XSS) attacks.
You can't set it with `document.cookie` because the entire point of the flag is to prevent it being set (or read) with `document.cookie`.
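
What the answer and Barmar's comment describe, as an added example that is not part of the original thread: the server issues the cookie in a `Set-Cookie` response header, and a small model shows why the second `document.cookie` line in the question is dropped. The function names are hypothetical, and the handler assumes a Node-style `(req, res)` interface.

```javascript
// Added example; buildSetCookie, loginHandler and scriptMaySet are hypothetical names.

// Build a Set-Cookie header value carrying the attributes from the question.
function buildSetCookie(name, value, { path = "/", maxAge } = {}) {
  // Names must be RFC 6265 tokens, so a name cannot smuggle in ";" or "=".
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) {
    throw new TypeError("invalid cookie name");
  }
  if (/[;\r\n]/.test(path)) throw new TypeError("invalid cookie path");
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${path}`];
  if (Number.isInteger(maxAge)) parts.push(`Max-Age=${maxAge}`);
  // HttpOnly hides the cookie from document.cookie; Secure limits it to HTTPS.
  parts.push("Secure", "HttpOnly", "SameSite=Strict");
  return parts.join("; ");
}

// Node-style (req, res) handler: the cookie is created by an HTTP response.
function loginHandler(req, res) {
  res.setHeader("Set-Cookie", buildSetCookie("my_cookie", "some_random_value"));
  res.statusCode = 204;
  res.end();
}

// Model of the browser-side rule: a string assigned to document.cookie
// (a "non-HTTP" API in RFC 6265) is ignored entirely if it names HttpOnly.
function scriptMaySet(cookieString) {
  const names = cookieString
    .split(";")
    .slice(1) // the first segment is name=value, the rest are attributes
    .map((attr) => attr.split("=")[0].trim().toLowerCase());
  return !names.includes("httponly");
}
```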