SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    263
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    [jQuery] Cookie Plugin and httponly cookies

    Hello,

    I have protected my cookies by setting them to httponly, but now I am trying to check them through jQuery without sending a AJAX request that checks if the cookie exists using PHP then returns the confirmation (slower). So is there a way to read my own cookies only using jQuery?

    Regards

  2. #2
    One website at a time mmj's Avatar
    Join Date
    Feb 2001
    Location
    Melbourne Australia
    Posts
    6,282
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If the cookies were set as httpOnly by the server then jQuery will not be able to read them.

    This is a security feature. The idea is that the client - including client-side script - is the untrusted party. If untrusted Javascript makes its way onto the page it's unable to access the cookies.

    Checking if the cookie exists using PHP sounds like it might be an appropriate way to solve this problem and it still doesn't require anything sensitive to be made available to Javascript. Could you include this information in the original PHP page that was generated anyway, doing away with the need for a separate request?
    [mmj] My magic jigsaw
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    The Bit Depth Blog Twitter Contact me
    Neon Javascript Framework Jokes Android stuff


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •