19

How well supported is navigator.cookieEnabled? Can I safely rely on it for all browsers?

Andy E
  • 338,112
  • 86
  • 474
  • 445
dtbarne
  • 8,110
  • 5
  • 43
  • 49
  • possible duplicate of [How to detect that JavaScript and/or Cookies are disabled ?](http://stackoverflow.com/questions/4603289/how-to-detect-that-javascript-and-or-cookies-are-disabled) – epascarello May 25 '11 at 13:42
  • 3
    @epascarello I don't think so. I'm aware of the concept of trying a cookie just to see if it works, but I wanted to see how reliable cookieEnabled is. For the application I'm working on, the smaller I can keep the code, the better. – dtbarne May 25 '11 at 14:04

4 Answers4

36

I know it's present in at least IE 6 and later, Firefox 1 and later, and Dottoro reports that it is supported by all major browsers. However, it is not part of any DOM specification and therefore is not guaranteed to be available in or properly implemented by all browsers (for instance, mobile browsers with limited DOM implementations).

As some have discovered, IE returns true for navigator.cookieEnabled even if cookies are blocked for the current site. This means that you cannot currently rely on the property at all and you should avoid it completely.

For a complete cross browser cookie support check, you might want to go with something like this:

var cookies = ("cookie" in document && (document.cookie.length > 0 ||
        (document.cookie = "test").indexOf.call(document.cookie, "test") > -1));

Demo: http://codetester.org/31011785

This will return false in browsers that have cookies disabled or don't support the DOM level 2 property document.cookie, which is about as far as you can go in JS.

Andy E
  • 338,112
  • 86
  • 474
  • 445
  • FWIW, I'm just using `navigator.cookieEnabled`. – dtbarne Aug 19 '11 at 01:59
  • @dtbarne: yeah, like I said `cookieEnabled` isn't part of the spec, so the code in my answer is just for the super-paranoid :-) – Andy E Aug 19 '11 at 10:19
  • Hi Andy, can you please explain the 2nd and 3rd clauses of the conditional? – SexyBeast Dec 17 '12 at 19:32
  • @Cupidvogel: Actually, there's only two clauses of the conditional. My code formatting kind of disguises it because I'm a little obsessive when it comes to small code blocks displaying horizontal scrollbars. `(document.cookie.length > 0 || (document.cookie = "test").indexOf.call(document.cookie, "test") > -1)` is a separate statement which, 1) checks a cookie property exists and then asserts that 2a) its length non-zero (a cookie already exists); or 2b) we can set a cookie and then verify that it was set. – Andy E Dec 18 '12 at 22:43
  • Yeah, but don't you think that the `call` is redundant? I mean, you can achieve the same by just `(document.cookie = "test").indexOf ("test") > -1)`, since we are not passing in a different object, right? – SexyBeast Dec 19 '12 at 05:02
  • @Cupidvogel: Nope :-) That part is just a little trick to keep the code to a single expression. If we were to use the line of code you're suggesting, it would always return `true` because that call to `indexOf` executes on the string primitive, `"test"`, rather than the value of `document.cookie`. – Andy E Dec 19 '12 at 08:57
  • Isn't the code you wrote testing the same, i.e setting `document.cookie` to **test** and checking whether the cookie has been set, and if so, checking whether it contains the string **test**? – SexyBeast Dec 19 '12 at 10:36
  • 1
    @Cupidvogel: yes, the code I wrote does that, but the code you wrote doesn't :-) Your code checks whether the string "test" contains the string "test". It might be better if I show you an example of the differences in a similar context: http://jsfiddle.net/ctRcB/ – Andy E Dec 19 '12 at 11:04
  • May be I don't know what does `document.cookie` do. What does assigning a string like **test** to `document.cookie` do? – SexyBeast Dec 19 '12 at 11:33
  • @Cupidvogel: IIRC, setting a value to `document.cookie` when cookies are disabled results in an empty string when trying to access it again. Like I said in my answer, that fall back code is only for the super paranoid anyway. Simply `navigator.cookieEnabled` should be enough for anyone these days. – Andy E Dec 19 '12 at 11:58
  • @Andy E: Thanks for the code. Unfortunately it didn't work for me in FF20. To be correct it did work localy but not on our server. IE8 and Chrome26 were fine. No idea where the problem was. I tried the following recommendation, which worked: http://stackoverflow.com/a/12698662 EDIT: Sorry, forgot to make one clarification. I just tested the second part - so without the navigator.cookieEnabled part. I'm sure this would work, but however setting the cookie should work, too - right? – Sithlord Apr 10 '13 at 11:37
  • for the IE11 above code returns true although the cookies are disabled(blocked). – Trilok Pathak Apr 14 '16 at 13:26
  • And document.cookie.length always returns true from IE11 after disabling all cookies and deleting all the cookies. – Trilok Pathak Apr 14 '16 at 13:48
  • This has the side effect of actually setting a cookie. Maybe you want to clean it up afterwards. – stracktracer Jul 09 '20 at 08:56
22

In a quick test just now (using IE9), it appears that navigator.cookieEnabled still returns true when the browser is blocking cookies for that site.

In other words, cookies are enabled but not for that particular page you are on.

Therefore you need to test for whether cookies actually work when you set them. The correct code should be (modified from Andy E's answer):

var cookies = 
    ("cookie" in document && (document.cookie.length > 0 ||
    (document.cookie = "test").indexOf.call(document.cookie, "test") > -1))

There is really no point in checking navigator.cookieEnabled.

mike nelson
  • 21,218
  • 14
  • 66
  • 75
  • 4
    +1. It's true. If you read nothing else, read this: `There is really no point in checking navigator.cookieEnabled.` – dtbarne Mar 25 '13 at 14:41
  • Can confirm `navigator.cookieEnabled` returns true on IE11, when cookies are blocked. – sglessard Jan 22 '16 at 02:07
  • Unfortunately, this solution doesn't seem to work anymore. Tried on Facebook embedded browser and incognito with 3rd party cookies disabled. – Cameron Cobb Dec 23 '20 at 21:15
  • @CameronCobb incognito mode in browsers normally still supports cookies though, and 3rd party cookies still allows cookies from the current domain – symbiont Jul 05 '23 at 13:30
0

I like this 1 liner function:

function cookiesEnabled() {
    return $.cookie('check', 'valid', { expires: 1 }) && $.cookie('check') == 'valid';
}
wayofthefuture
  • 8,339
  • 7
  • 36
  • 53
0

navigator.cookieEnabled is not always reliable and does not work at all on old browsers.

This answer will work on all browsers that support JavaScript. Additionally this does not need jQuery and it deletes the test cookie after the test is complete.

// returns 1 or 0 instead of true or false. Returns null if inconclusive.
function cookiesEnabled() {
    var i, j, cookies, found;
    document.cookie = 'testcookiesenabled=1';
    for (i=0; i<2; i++) {
        found = false;
        cookies = document.cookie.split(';');
        j = cookies.length;
        while(j--) {
            while (cookies[j].charAt(0)==' ') {// trim spaces
                cookies[j] = cookies[j].substring(1);
            }
            if (cookies[j].indexOf('testcookiesenabled=')==0) {
                found = true;
                break;
            }
        }
        if (!found) {
            return i;
        }
        // Delete test cookie.
        document.cookie = 'testcookiesenabled=; expires=Thu, 01 Jan 1970 00:00:01 GMT';
    }
    // Results inconclusive.
}
PHP Guru
  • 1,301
  • 11
  • 20