HttpOnly cookie - unable to set

Question

I am trying to make the client receive a page that will set the required cookies after authentication, and then go to another page after setting the cookies.

Client => Server: credentials

Server => Client:

<html>
    <body>
        <script>
            document.cookie="name=myName;path=/;secure;HttpOnly";
            document.cookie="token=abcdefg;path=/;secure;HttpOnly";
            window.location="https://localhost/myPage.html"
        </script>
    </body>
</html>

This fails when HttpOnly is set. How do I fix it?

The reason to set http-only is to make sure script does not have access to the cookie — Arun P Johny, Apr 01 '15 at 02:51
You need to set it via headers from the server side scripts that you are using... what is the server side technology used — Arun P Johny, Apr 01 '15 at 02:52
Related: [Set a cookie to httponly via javascript](http://stackoverflow.com/questions/14691654/set-a-cookie-to-httponly-via-javascript?rq=1) — Ja͢ck, Apr 01 '15 at 03:02

score 1 · Answer 1 · answered Apr 01 '15 at 02:51

1

HttpOnly cannot be set (or read) from js - that's why it's called HttpOnly.

So answering your question:

How do I fix it?

You cannot "fix" it - it's by design. But you could set it from the server side.

answered Apr 01 '15 at 02:51

zerkms

249,484
69
436
539

HttpOnly cookie - unable to set

1 Answers1