To access your cookies in JavaScript, you use document.cookie. That’s a no brainer there.
Your javascript is using document.cookie. However to your surprise you don’t find the cookie you are looking for. document.cookie simply not returning your cookie.
Come on my cookie.
But not everything is meant for everybody. And the so the same applies for cookies. And here is comes HttpOnly cookie. As per definition –
“HttpOnly is a flag added to cookies that tell the browser not to display the cookie through client-side scripts (document. cookie and others). … When you set a cookie with the HttpOnly flag, it informs the browser that this special cookie should only be accessed by the server”. Most of the session cookies, auth cookies would be HttpOnly so that none can tamper it and replay a user session.
Ok now I know, she was never mine. But is there somewhere from where I can at-least see her?
I have a good news for you. Well there are many ways to view it, we can view it using developer tools of any browser.
The above is a screenshot from Chrome developer tools window. Under Applications –> Cookies you can view all the cookies including HttpOnly cookies as well.
Hope this helps! Will come with another scripting blog post soon.
Debajit Dutta
(Microsoft Business Solutions MVP)