'how to edit a secure cookie?
i've seen some websites that you cannot get or edit theirs cookie with javascript (just can be seen in browser tool). What kind of cookie are they? How to edit them via javascript?
Solution 1:[1]
They are using HTTPOnly cookies: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html. They can be neither retrieved nor modified from JavaScript. In other words, the answer to your question "How to edit them via javascript?" is: you cannot.
Solution 2:[2]
I know this question is very old, but this answer might be helpful to some one.
You can modify these kind of cookies in your browser by installing a plugin like Cookie Editor https://addons.mozilla.org/fr/firefox/addon/cookie-editor/, and turn off httponly for that cookie :
Solution 3:[3]
- You cannot edit them by JavaScript i.e. by
document.cookie. - But you can edit by browser dev tools.
The purpose of httpOnly is not to defend against client because ultimately cookies are files stored on client so cannot enforce restrictions on client but it is to protect against client-side JavaScript which is simple terms document.cookie.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Wladimir Palant |
| Solution 2 | Sidahmed |
| Solution 3 | Yusuf |