If I create the function:
    function setCookie(name, value)
    {
        // this works:
        // document.cookie=name + "=" + escape(value) + "; path=/;";
        // this does not:
        // document.cookie=name + "=" + escape(value) + "; path=/; secure; HttpOnly; SameSite=strict";
    }
    setCookie('my_cookie','some_random_value');
I am not 100% on why this second option is not working. Any ideas anyone?
See MDN:
A cookie with the HttpOnly attribute is inaccessible to the JavaScript Document.cookie API; it is sent only to the server. For example, cookies that persist server-side sessions don't need to be available to JavaScript, and should have the HttpOnly attribute. This precaution helps mitigate cross-site scripting (XSS) attacks.
You can't set it with document.cookie because the entire point of the flag is to prevent it being set (or read) with document.cookie.
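Added example (not part of the original question or answer): an HttpOnly cookie has to be issued by the server in a Set-Cookie response header, so this sketch builds that header for the cookie from the question and models the rule (RFC 6265, section 5.3) under which a browser ignores a script-written cookie string that carries HttpOnly. The names buildSetCookie, scriptMaySet and handler are hypothetical, and the name check is a simplified subset of the RFC's token rule.

```javascript
// Characters allowed in a cookie name (simplified RFC 6265 token; assumption of this sketch).
const TOKEN = /^[A-Za-z0-9!#$%&'*+\-.^_`|~]+$/;

// Build a Set-Cookie header value with hardened defaults:
// Secure, HttpOnly and SameSite=Strict are on unless explicitly turned off.
function buildSetCookie(name, value, opts = {}) {
  if (!TOKEN.test(name)) throw new TypeError("invalid cookie name");
  const sameSite = opts.sameSite || "Strict";
  if (!["Strict", "Lax", "None"].includes(sameSite)) {
    throw new TypeError("invalid SameSite value");
  }
  if (sameSite === "None" && opts.secure === false) {
    throw new TypeError("SameSite=None requires Secure");
  }
  const parts = [`${name}=${encodeURIComponent(value)}`, `Path=${opts.path || "/"}`];
  if (Number.isInteger(opts.maxAge)) parts.push(`Max-Age=${opts.maxAge}`);
  if (opts.secure !== false) parts.push("Secure");
  if (opts.httpOnly !== false) parts.push("HttpOnly");
  parts.push(`SameSite=${sameSite}`);
  return parts.join("; ");
}

// Model of what the browser does with a document.cookie write:
// a cookie string from script that carries HttpOnly is ignored entirely.
function scriptMaySet(cookieString) {
  return !cookieString
    .split(";")
    .slice(1) // skip the name=value pair, look at attributes only
    .some((attr) => attr.trim().toLowerCase() === "httponly");
}

// Request handler in the shape Node's http.createServer(handler) expects.
// `res` only needs setHeader() and end(), so it can be exercised with a stub.
function handler(req, res) {
  res.setHeader("Set-Cookie", buildSetCookie("my_cookie", "some_random_value"));
  res.end("ok");
}
```

The browser stores the cookie from the response header and sends it back on later requests, while document.cookie in the page neither shows it nor can overwrite its HttpOnly flag.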