1

I'm trying to get stored cookies using JavaScript. Here's a list of cookies shown in Google Chrome by inspecting the page and going to Resources.

enter image description here

When I run the code:

alert(document.cookie);

It only shows the K----S------C---- cookie, but not the adminhtml cookie. How do I access the adminhtml cookie?

===================================================

Edit:

According to the selected answer, JavaScript can't access HTTP-only cookies. Though I found a workaround. It might not be the most secure, but in a scenario like this where you need to get the cookie information, try this.

Use PHP to write the cookie information to a hidden div:

<div id="adminhtml" style="visibility:hidden"><?php
    echo $_COOKIE['adminhtml'];
?></div>

Then use JavaScript to get the innerhtml of the div:

<script>
    var cookieValue = document.getElementById("shopperid").innerHTML;
</script>
swl1020
  • 816
  • 14
  • 34
  • 1
    Take a look here: http://stackoverflow.com/questions/17508027/cant-access-cookies-from-document-cookie-in-js-but-browser-shows-cookies-exist – Irvin Dominin Nov 08 '13 at 16:32

1 Answers1

2

adminhtml appears to be a HttpOnly cookie. You can't access HttpOnly cookies from javascript.

Quote from wikipedia, can't find the official docs:

The HttpOnly attribute is supported by most modern browsers. On a supported browser, an HttpOnly session cookie will be used only when transmitting HTTP (or HTTPS) requests, thus restricting access from other, non-HTTP APIs (such as JavaScript). This restriction mitigates but does not eliminate the threat of session cookie theft via cross-site scripting (XSS). This feature applies only to session-management cookies, and not other browser cookies.

pax162
  • 4,735
  • 2
  • 22
  • 28
  • Awesome, thanks! I don't know if it's the most secure way to do things, but I found a workaround. I'll post it as an edit for anyone that might want it. – swl1020 Nov 08 '13 at 16:50