0

enter image description hereI have a webpage. I log in with my username and password. Session stored in Chrome.

In this format
Name = session
Content = .eJwlj0tuwzAMBe_CtRcSKZpiLmNI_KBBggawk1XRu1dA1w8zmPcDR55xfcHtfX5ig-PucAOOOkLYK3uhVnzOoqaqTDmyYqAhIjOatNplBpQhEFQ-Zo3nTR7pVaZjNnlbobM-E-PJXW1KMEW0EZpEIiFRM2sOvM4

I can't get the stored session. I tried lots of ways on the internet but couldn't get it.

I used document. session returns undefined. Used browser cookie library but still nothing. Used other npm packages.

All cookies examples are made for Google but can't get them from my page.

newUser
  • 386
  • 5
  • 17
  • Are you trying to read the session id from Python on the server or Javascript on the client? What are you using to handle the log-in and create the session? – glenatron Jan 28 '22 at 10:43
  • I am trying to get the stored session in chrome browser. therefore I can make api request without username and password. – newUser Jan 28 '22 at 10:45

1 Answers1

0

A session id like this is usually stored as a cookie so it can be passed back to the server easily with each request. So the question becomes how can I get a cookie by name?

You could probably use a one-liner a little like this- test it in the Javascript console to see whether it needs any tweaking for your situation:

document.cookie.split(';').find( (x) => x.trim().startsWith('session=')).trim().substring('session='.length);
glenatron
  • 11,018
  • 13
  • 64
  • 112
  • But unfortunately, I wrote it document.cookie gives undefined :( – newUser Jan 28 '22 at 12:06
  • When you open the Chrome development tools and go to the `Application` section, which subsection on the left is the session id stored under? – glenatron Jan 28 '22 at 12:14
  • under application section. there is Cookies subsection under on it. writes localhost:5000. When I click on it, name column is session, value is eJwlz8FqAzEMBNB_8XkPkiVZdn5msbQSLQ0N7Cankn-vS88zD2Z-yp5nXB_l9jxfsZ – newUser Jan 28 '22 at 12:34
  • I want to get the value – newUser Jan 28 '22 at 12:34
  • When you are have this page open, if you open the Javascript Console and type just `document.cookie` does it show anything? – glenatron Jan 28 '22 at 14:54
  • shows nothing in console – newUser Jan 28 '22 at 17:55
  • So it is in the Cookies section in the browser tool but you can't access it from the Javascript console? You can go to the `Application` section and see it under `Cookies` then switch to the Javascript console and type `document.cookie` but get nothing? Does it work if you have a different web page open? – glenatron Jan 30 '22 at 00:36
  • when I came across with this problem, At first I wrote document.cookies in the javascript console. It returns undefined. I want to write it here because some developers will think, I wrote here this questions without any research and they will give me -1 without any questions ask :) . – newUser Jan 30 '22 at 12:27
  • It sounds like you are describing a situation where the cookie exists according to the Application tab but it doesn't exist when you try and retrieve it from Javascript. That situation doesn't make sense- if there _are_ cookies you should be able to access them from Javascript. That is why I ask about other pages - there is no reason for cookies not to be accessible if they exist. – glenatron Jan 31 '22 at 10:25
  • I added pciture to the question part – newUser Jan 31 '22 at 10:59
  • Is the cookie set to HttpOnly? ( "A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API; it's only sent to the server. For example, cookies that persist in server-side sessions don't need to be available to JavaScript and should have the HttpOnly attribute. " - https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies ) – glenatron Jan 31 '22 at 11:17
  • So to update my previous comment- there _is_ one reason for them not to be accessible if they exist, which is one I had forgotten because it's a long time since I ran into it. – glenatron Jan 31 '22 at 11:18
  • Is there any way to get it? – newUser Jan 31 '22 at 11:22
  • Not from Javascript, but if you control the server you will be able to change how the cookie is sent so that it is accessible. If you are sending calls from Javascript in the same page to the same destination, it should add the cookie automatically. – glenatron Jan 31 '22 at 11:31