When I inspect a page via chrome dev tools there is a very large list of cookies, as opposed to when using document.cookie there are only a few.
Can anyone explain the difference between these cookies and the ones via my console.log, and why I can not access them via javascript?
Is it even possible to get these cookies I see in the dev tool using javascript?
Do I need to set them manually first?
Thanks!
Related
I store some info in cookies in my Javascript code. I have had no problem to set and read them from local drive until Firefox Quantum installed.
Now it seems that the cookies are set (been checked among the cookies), but cannot be read if I open the html file. The document.cookie.length value is always zero. Yet if I set the cookies and refresh the browser (or open the file again not closing the first file) the cookies can be read.
So far Firefox stored and read cookies all right using file:///, but this twist is new for me. Some setting has to be changed, I guess.
Can anybody tell me a solution, how to allow to read the cookies again from local drive?
Thank you.
Firefox Quantum (as with Google Chrome and others) has disabled storing cookies for local files due to security issues and other problems. The HTML5 web storage commands are taking over what used to be done with cookies for both server and local web pages. See "https://www.w3schools.com/html/html5_webstorage.asp"
I am trying to figure out a way to see values stored in my sessions i.e. something like this plugin for cookies
Mainly trying this as this flow for sessions:
sessionStorage.setItem('token', 'someValue')
console.log(sessionStorage.getItem('token'))
console.log(sessionStorage.length)
sessionStorage.removeItem('token')
console.log(sessionStorage.length)
console logs this:
undefined
2
1
So clearly the session is being set (+ there was another one from somewhere, hence 2 sessions)
However how can I check it's value and use it in code, if it is returning undefined
Your browser's development tools probably offer this.
For instance, in Chrome's dev tools, you'd go to the Resources tab and choose Session Storage on the left, then pick the origin from the list:
On Firefox, the Storage Inspector is disabled by default. You have to go into dev tools, click the gear icon for dev tools settings, and enable it, but then you can use it in much the same way:
Other browsers' dev tools may have similar features.
For example in Chrome :
Right click -> Inspect-> Resources -> Session Storage -> Lists storage data for all the domains
I found this list of storage locations for different browsers.
Unfortunately, it´s not certain that the files will always contain the most recent data; but I´d say it´s worth a shot.
Have you thought about setting breakpoints and use the console to read from the session?
Some cookies are marked as HttpOnly. See Chrome developer tools > resources > cookies > http column, does a checkmark here indicate HttpOnly cookie?
If I use this code inside the debug console to get all cookies:
document.write(document.cookie)
Then it gives me everything except the HttpOnly cookies, which because my code is running inside the javascript environment and the design of HttpOnly is to hide it from the javascript environment.
Is there another option to use the Chrome console to get all the cookies?
I am hoping to get this in the same format as the above line of code produces.
I am able to see session cookies in Firefox 3.6 by going to
Tools->Options->Privacy->Remove Individual Cookies
How do I see those same session cookies in IE (6/7/8)?
Tools->Internet Options->Browsing
history Settings->View files
only contains persistent cookies
Also how do I access them programmatically? In Firefox I use the nsICookieManager interface to read the session cookies, does IE contain an equivalent interface?
Cookies set with the HTTPOnly attribute will not be visible to Javascript (e.g. via the document.cookie accessor). In IE8, 9, and 10, hit F12 to open the Developer Tools. Click Cache > View Cookie Information to see persistent and session cookies that apply to the current domain.
This feature is not present in the IE11 version of the tools, which would mean that your choices are 1> Watch outbound Cookie headers in Fiddler or on the Network tab, or 2> Write a plugin that calls the InternetGetCookieEx API with the appropriate flag to include HTTPOnly cookies.
Type into adress-bar:
javascript:alert(document.cookie)
to see the cookies that are currently readable by javascript.
Regarding to the read/write of session-cookies:
Why do you need to do it using javascript? usually session-cookies are needed to have an relation to serverside stored data, so you need to manage the cookies from serverside, no matter what browser there may be.
F12-> Network Tab -> Enable Network Capture Traffic Capturing - > Details Tab -> Request Header Tab.
I have a URI here in which a simple document.cookie query through the console is resulting in three cookies being displayed. I verified this with trivial code such as the following as well:
var cookies = document.cookie.split(';');
console.log(cookies.length);
The variable cookies does indeed come out to the number 3. Web Developer on the other hand is indicating that a grand total of 8 cookies are in use.
I'm slightly confused to believe which is inaccurate. I believe the best solution might involve just reiterating the code above without the influence of Firebug. However, I was wondering if someone might suggest a more clever alternative to decipher which tool is giving me the inaccurate information.
One reason might be that the other 5 cookies are HTTPONLY:
http://msdn.microsoft.com/en-us/library/ms533046.aspx
If the HttpOnly attribute is included
in the response header, the cookie is
still sent when the user browses to a
Web site in the valid domain. The
cookie cannot be accessed through
script in Internet Explorer 6 SP1,
even by the Web site that set the
cookie in the first place. This means
that even if a cross-site scripting
bug exists, and the user is tricked
into clicking a link that exploits
this bug, Windows Internet Explorer
does not send the cookie to a third
party. The information is safe.
Firefox also respects this flag (as of v2.0.0.5).
I'm pretty sure the web developer toolbar shows cookies for domain and sub-domains.
So it will show cookies for
abc.xyz.com
xyz.com
whether you are on a page of either domain