Menu
Is it possible that you disable setting cookies in javascript while stil being able to read them? In my website i set cookies only in php, but it would be usefull that i can read them from Javascript. I know there is a httpOnly flag while creating cookie but that restrict read and write access from Javascript. The reason why i want to restrict write access is of course security as user can easily set cookie even from browser and i want to prevent that.
433
What you can do is create two cookies:
MY_COOKIE_HTTP_ONLY
MY_COOKIE
With the same values in the backend. One which is http only and the other which isn't. The MY_COOKIE_HTTP_ONLY cookie will be used in the backend and MY_COOKIE will be used in the browser. If attacker changes the value of MY_COOKIE in the browser side, well that basically is ok since if attacker has access to your browser, they can do all sorts of things but only in the browser side.
And on the other hand, you will be able to identify this situation by comparing the values.
109
Shortest answer: No. It's not possible.
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
