Check if cookie exists

Hello,

through a javascript injection im trying to find out if a cookie exists on my computer. Here’s the code I inject:

javascript: if (document.cookie.indexOf('_idp_session') != -1) alert('cookie is here'); else alert('cookie is not here');

and when visiting the options of my browser, I can locate the cookie, and i can see its there.

Nevertheless my script keeps telling me its not there…

what am i doing wrong?

I have a question if anyone knows it? What does this value do?

!= -1

What’s it stand for? =/

indexOf()

Not equal to -1. The indexOf() method returns -1 upon failure to locate the supplied string.

The injection works at places like google.com with rememberme

When you inject just document.cookie, do you see the expected cookie values?

Are you injecting on the same domain, and within an acceptable path for the cookie?

ah i see what i’m doing wrong.

I keep searching ‘document.cookie’, but that will only show me the cookies of the website i’m currently visiting…

As you can see in the screenshot in my first post, the cookie is in http://idp.katho.be

I made an alert() that shows me the cookies that are available on the website im currently on. When logging in on idp.katho.be i saw this:

So the cookie is there, but 2 seconds later i get redirected to the platform, on another domain, so i cant see _ipd_session-cookie anymore

How can i make the code search for the cookie in that location, instead of document.cookie?

You can only get access to cookies set for the domain that you are on.

noo, tell me thats not true… There has to be a way?!

It’s a security issue - if you can access cookies on any domain then I could get access from my website, to the cookies for your Facebook, or MySpace or Pornhub (etc.) account and steal that information, set the cookie myself - voila - identity theft :slight_smile:

You cannot reach in and take a cookie that doesn’t belong to you. The only way to access it is from the other domain itself.

Except on christmas day, when the cookie jar is open to anyone, but only for 24 hours.

ok thats funny (:

but im in trouble! I need to check wheather the cookie exists or not, and if it exists, redirect to one page, and if it doesnt, redirect to another page… through a javascript injection

if you can access cookies on any domain then I could get access from my website, to the cookies for your Facebook, or MySpace or Pornhub (etc.)

Hahahah Mal! That was funny!