Is there any way to read a secure cookie with JavaScript?
I tried to do it using document.cookie
and as far as I can see on this article about secure cookies and HttpOnly flag, I cannot access a secure cookie this way.
Can anyone suggest a workaround?
This question is related to
javascript
security
cookies
The whole point of HttpOnly cookies is that they can't be accessed by JavaScript.
The only way (except for exploiting browser bugs) for your script to read them is to have a cooperating script on the server that will read the cookie value and echo it back as part of the response content. But if you can and would do that, why use HttpOnly cookies in the first place?
Httponly cookies' purpose is being inaccessible by script, so you CAN NOT.
Source: Stackoverflow.com