I am trying to read all the cookies set by my domain using `document.cookie`. What I have noticed is that it returns only `csrftoken` and one other value. My goal is to read the `sessionid` from the cookie.

Please see the screenshot below, which shows the cookies set on my local machine:

[Screenshot: Cookies on my local machine]

And this is the return value of `document.cookie`:

[Screenshot: document.cookie console output]

[Screenshot: sessionid cookie value in Request Headers]

Santhosh

1 Answer


_rbt_login_message and sessionid are likely HTTP-only cookies, meaning they can be read only by the server when it's handling a page request, and not by any client-side JavaScript code.

This is usually done for session identifying cookies, since you (as a developer) don't want client-side code (which can be injected by a malicious third-party relatively easily) to be able to steal the session of one of your users.

Frxstrem
Comment: How do I identify if they are HTTP-only cookies? In the HTTP response headers I only see `_rbt_login_message` in the `Set-Cookie` header. Please see the following screenshot http://i.imgur.com/FzN68NJ.png – Santhosh Sep 06 '16 at 19:38