7

Is there any way of reading cookies marked with HTTPONLY checked, with jQuery? I have a cookie named wishlist_cookie.

When I try 

$.cookie('wishlist_cookie');

It returns NULL even if it has a value.

Nabil
  • 175
  • 1
  • 2
  • 10
  • Does the domain and path of the cookie match those you're trying to access it from? Have you included the cookie plugin correctly? – Rory McCrossan Jan 21 '15 at 11:30
  • @RoryMcCrossan Yes it matches and the cookie plugin is being used at several other places on the website, just ran into a problem on this specific cookie and watched it and found out httponly was the problem :) – Nabil Jan 21 '15 at 11:34

3 Answers3

7

HttpOnly cookie is not available to client-side scripting languages, there is no way to get and set it. Here is the link Set a cookie to HttpOnly via Javascript for details.

Community
  • 1
  • 1
Lumi Lu
  • 3,289
  • 1
  • 11
  • 21
3

Short Answer: No.

Explanation: jQuery is nothing but an extended library of javascript. The HttpOnly flag tells if the cookie can be accessed/altered by the client side scripts which is a defensive mechanism for Cross Site Scripting (XSS) attacks. If by any chance the application is vulnerable to XSS injections, the attacker will not be able to get some critical cookie values like session ids.

pavanw3b
  • 211
  • 1
  • 2
  • 9
-2

You can try in this way

var currentSession = [];


      var session = function readCookie() {
            match = document.cookie.match(new RegExp('TestCookie' + '=([^;]+)'));
            if (match) {
                var array = match[1].split('&');
                for (var i = 0; i < array.length; i++) {
                    name = array[i].split('=')[0];
                    value = array[i].split('=')[1];
                    currentSession.push(setCokiesValue(name, value));
                }
            }
            return currentSession;

        };
virender
  • 4,539
  • 5
  • 27
  • 31