4

I user AngularJS, I want to prevent save default cookie sended from server, because it's expirasion is set to session. Or just get this cookie, get authentication value, and save it to my own cookie, which I would use to authenticate request. But now, I can't get this cookie using AngularJS or JavaScript. I can only see "__ngdebug" or "5984_recent". "AuthSession" cookie is HTTP checked as true;

I tryied watch headers from $http, but there is no named "Set-Cookie", example server should return:

HTTP/1.1 200 OK
Cache-Control: must-revalidate
Content-Length: 43
Content-Type: application/json
Date: Mon, 03 Dec 2012 01:23:14 GMT
Server: CouchDB (Erlang/OTP)
Set-Cookie: AuthSession=cm9vdDo1MEJCRkYwMjq0LO0ylOIwShrgt8y-UkhI-c6BGw; Version=1; Path=/; HttpOnly

My controller look like that:

ctr.controller("loginController", ["$scope", "$cookieStore", "$http",
  function($scope, $cookieStore, $http) {

    $scope.userCedential = {};

    $scope.login = function() {

        var headers = {};
        headers["Content-Type"] = "application/json";

        var res = $http.post("/_session", $scope.userCedential, headers);

        res.success(function(data, status, headers, config) {
                var s = headers("Set-Cookie");

            });

        res.error(function(data, status, headers, config) {

            });
    };

  }]);
InnerWorld
  • 585
  • 7
  • 26

1 Answers1

4

You can't.

By definition an HttpOnly cookie cannot be accessed from NON-Http interfaces. i.e. JavaScript

http://en.wikipedia.org/wiki/HTTP_cookie#HttpOnly_cookie

Also see this SO answer for more information on how AJAX and HttpOnly interact:

How do HttpOnly cookies work with AJAX requests?

Community
  • 1
  • 1
Josh
  • 44,706
  • 7
  • 102
  • 124
  • and to further that note, you can NOT delete them as I tried when logging out. Now it make sense why. Thanks. – Gel May 04 '20 at 15:24