An http only cookie uid has been set on the browser by the server. I need to find out whether this cookie exists and take some actions in my javascript. I know that http only cookies cannot be read by javascript. So I'm thinking of setting another non-http cookie loggedin with the same maxAge as that of uid whenever the latter is being set from server. Both will be set together and cleared together. Will this approach work? Are there any caveats to this?
Asked
Active
Viewed 3,658 times
3
Jophin Joseph
- 2,864
- 4
- 27
- 40
-
Can you just request it from the server? – PeeHaa Jun 24 '16 at 20:41
-
How is login being handled? If it's via a React component, it's best to have the component handle this by checking for success or failure of your login service. – cmbuckley Jun 24 '16 at 20:44
-
@PeeHaa Requesting from server is always an option. Just seeing if that can be avoided – Jophin Joseph Jun 24 '16 at 23:40
-
@cmbuckley I'm trying to see if the login service has to be fired at all. If the cookie is present I'm avoiding the login call. – Jophin Joseph Jun 24 '16 at 23:41
1 Answers
0
Take a look at the answers here
My approach was to try and overwrite the cookie and it worked in Edge, Chrome and Firefox(don't know about other browsers)
This is the code I used:
private doesHttpOnlyCookieExist(cookieName: string) {
var d = new Date();
d.setTime(d.getTime() + (1000));
var expires = "expires=" + d.toUTCString();
document.cookie = cookieName + "=new_value;path=/;" + expires;
return document.cookie.indexOf(cookieName + '=') == -1;
}And this is the explanation:
You can indirectly check to see if it exists by trying to set it to a value with javascript if it can't be set, then the HTTP Only Cookie must be there (or the user is blocking cookies).
Lille
- 103
- 1
- 3
- 13