128

I need to get all the cookies stored in my browser using JavaScript. How can it be done?

informatik01
  • 6
    nayagi, unfortunately if we do answer your question you would have software that is nothing less than MALWARE. – Jon Limjap Oct 31 '08 at 06:32
  • 21
    @Jon Limjap - that's not quite true. There are legitimate scenarios for being able to enumerate through all cookies in a web browser without being malware. – Franci Penov Oct 31 '08 at 18:47
  • Whoa wait a sec. All of the cookies? Logins from any website? That's malware... – alexyorke Apr 07 '11 at 19:34
  • I have a situation (web apps behind the firewall for a business) where doing this would be handy and quite legitimate. However, the issue exists because we have too many internal domains (mostly through virtual hosts) so one could argue that the solution is to use Single Sign On. – ClubbedAce Jan 14 '14 at 21:12
  • If you truly need all cookies, you have to create and install a browser extension to do that. Cookies used for logins are considered sensitive and browsers do their best to keep those secret. – Mikko Rantalainen Sep 03 '20 at 15:54

9 Answers

111

You can only access cookies for a specific site. Using document.cookie you will get a list of escaped key=value pairs separated by a semicolon.

secret=do%20not%20tell%20you;last_visit=1225445171794

To simplify the access, you have to parse the string and unescape all entries:

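var getCookies = function(){
  // document.cookie looks like "a=1; b=2"; it is "" when no cookie is readable
  var pairs = document.cookie ? document.cookie.split(";") : [];
  var cookies = {};
  for (var i=0; i<pairs.length; i++){
    var pair = pairs[i].split("=");
    // re-join on "=" so values that themselves contain "=" stay intact
    var value = pair.slice(1).join('=');
    // decodeURIComponent replaces the deprecated unescape(); a value that is
    // not valid percent-encoding is kept as stored instead of throwing
    try { value = decodeURIComponent(value); } catch (e) {}
    cookies[(pair[0]+'').trim()] = value;
  }
  return cookies;
};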

So you might later write:

var myCookies = getCookies();
alert(myCookies.secret); // "do not tell you"
demonofthemist
aemkei
  • 5
    this doesn't catch the space after the semicolon ("; ") so keys have a space at the front... use /; ?/ when splitting to remove them? – Carter Cole Dec 20 '11 at 21:43
  • Check [this](https://www.inkling.com/read/javascript-definitive-guide-david-flanagan-6th/chapter-20/parsing-the-document-cookies) snippet out for parsing `document.cookies` (from O'Reilly book). – Bentley4 Nov 04 '13 at 10:42
  • should really add .trim() to pair[0] to make sure that there are no leading spaces. – Andrew Killen Jul 15 '16 at 19:53
60
  1. You can't see cookies for other sites.
  2. You can't see HttpOnly cookies.
  3. All the cookies you can see are in the document.cookie property, which contains a semicolon separated list of name=value pairs.
informatik01
Franci Penov
39

You cannot. By design, for security purposes, you can access only the cookies set by your site. StackOverflow can't see the cookies set by UserVoice nor those set by Amazon.

PhiLho
  • 7
    How is Facebook doing that...? I always saw Facebook show ads related to what I browsed from Google! – Ari Apr 08 '15 at 13:02
  • 20
    Actually, Facebook plants its own cookies on every site... using its Like button. I bet Google do the same on the +1 buttons or even on the site stats scripts. – PhiLho Apr 09 '15 at 08:43
  • 2
    thank you..., it's opening my eyes. I think any kind of app related to them will do, including login using social media account app. – Ari Apr 10 '15 at 02:29
  • 3
    @SoursopTree - Isn't it AdChoices? Facebook uses AdChoices, which is a Google service that displays content based on your searches through Google. Stackoverflow uses AdChoices too. I may be a bit off on the exact details - but I'd guess that's what it is you're thinking of. – Rik Oct 23 '15 at 08:24
  • 1
    @KeepMove we call this terminology as [cookie-syncing](http://www.adopsinsider.com/ad-exchanges/cookie-syncing/) – ericdemo07 May 18 '17 at 07:56
  • @PhiLho but what if we inject script that get cookie in specific url ? Do you think this method will get the cookie easily? –  Oct 15 '17 at 11:33
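The visibility rules stated in the answers above (own site only, no HttpOnly cookies), as an added example that is not part of any post on this page: a simplified Node.js model of which stored cookies a page's script gets back from document.cookie. The host names, cookie names and helper functions are constructed for illustration.

```javascript
// Simplified model of what document.cookie exposes to a page's script.
// Models host-only cookies with Path, Secure and HttpOnly; it ignores Domain,
// expiry and SameSite, and assumes "/" when Path is absent (not full RFC 6265).
function parseSetCookie(header, originHost) {
  const [nameValue, ...attrs] = header.split(';').map(s => s.trim());
  const eq = nameValue.indexOf('=');
  const flags = attrs.map(a => a.toLowerCase());
  const pathAttr = attrs.find(a => a.toLowerCase().startsWith('path='));
  return {
    name: nameValue.slice(0, eq),
    value: nameValue.slice(eq + 1),      // values may contain '='
    host: originHost,                    // host that sent the Set-Cookie header
    path: pathAttr ? pathAttr.slice(5) : '/',
    secure: flags.includes('secure'),
    httpOnly: flags.includes('httponly'),
  };
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  const prefix = cookiePath.endsWith('/') ? cookiePath : cookiePath + '/';
  return requestPath.startsWith(prefix);
}

// Returns the string a script running on pageUrl would read from document.cookie.
function visibleToScript(jar, pageUrl) {
  const { hostname, pathname, protocol } = new URL(pageUrl);
  return jar
    .filter(c => c.host === hostname && pathMatches(pathname, c.path))
    .filter(c => !c.httpOnly && (!c.secure || protocol === 'https:'))
    .sort((a, b) => b.path.length - a.path.length) // longer paths are listed first
    .map(c => `${c.name}=${c.value}`)
    .join('; ');
}

// Constructed sample jar: Set-Cookie headers from two unrelated hosts.
const sampleJar = [
  ['example.test', 'session=abc123; Path=/; Secure; HttpOnly'],
  ['example.test', 'theme=dark; Path=/'],
  ['example.test', 'cart=id=42; Path=/shop'],
  ['ads.test', 'track=xyz; Path=/'],
].map(([host, header]) => parseSetCookie(header, host));

console.log(visibleToScript(sampleJar, 'https://example.test/shop/item'));
console.log(visibleToScript(sampleJar, 'https://ads.test/'));
```

The HttpOnly session cookie appears in none of the results, and nothing set by ads.test is readable from a page on example.test.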
13

To retrieve all cookies for the current document open in the browser, you again use the document.cookie property.

Codeslayer
4

Modern approach.

// slice(1).join('=') keeps values that themselves contain '=' whole
let c = document.cookie.split(";").reduce( (ac, cv, i) => Object.assign(ac, {[cv.split('=')[0]]: cv.split('=').slice(1).join('=')}), {});

console.log(c);

;)

Prabu samvel
  • It seems it generates a space before each key. Example: " cookie_name" instead of "cookie_name" – jobima Nov 09 '20 at 12:08
  • 1
    Solved adding trim: return document.cookie.split(";").reduce( (ac, cv, i) => Object.assign(ac, {[cv.split('=')[0].trim()]: cv.split('=')[1]}), {}); – jobima Nov 09 '20 at 12:13
3

Since the title didn't specify that it has to be programmatic I'll assume that it was a genuine debugging/privacy management issue and solution is browser dependent and requires a browser with built in detailed cookie management tool and/or a debugging module or a plug-in/extension. I'm going to list one and ask other people to write up on browsers they know in detail and please be precise with versions.

Chromium, Iron build (SRWare Iron 4.0.280)

The wrench(tool) menu: Options / Under The Hood / [Show cookies and website permissions] For related domains/sites type the suffix into the search box (like .foo.tv). Caveat: when you have a node (site or cookie) click-highlighted only use [Remove] to kill specific subtrees. Using [Remove All] will still delete cookies for all sites selected by search and waste your debugging session.

NASSER
ZXX
3

Added trim() to the key in object, and name it str, so it would be more clear that we are dealing with string here.

// slice(1).join('=') keeps values that themselves contain '=' whole
export const getAllCookies = () => document.cookie.split(';').reduce((ac, str) => Object.assign(ac, {[str.split('=')[0].trim()]: str.split('=').slice(1).join('=')}), {});
Netanel R
1

If you develop browser extensions you can try browser.cookies.getAll()

zemil
  • It doesn't seem to work, see https://stackoverflow.com/questions/51911443/browser-cookies-getall-always-returns-nothing-firefox-extension. I have the same problem too. How do you do it @zemil? – Basj Feb 23 '22 at 12:03
0

What you are asking is possible; but that will only work on a specific browser. You have to develop a browser extension app to achieve this. You can read more about chrome api to understand better. https://developer.chrome.com/extensions/cookies

Emeka Augustine