how to edit a secure cookie?
i've seen some websites that you cannot get or edit theirs co开发者_高级运维okie with javascript (just can be seen in browser tool). What kind of cookie are they? How to edit them via javascript?
They are using HTTPOnly cookies: http://www.codinghorror.com/blog/2008/08/protecting-your-cookies-httponly.html. They can be neither retrieved nor modified from JavaScript. In other words, the answer to your question "How to edit them via javascript?" is: you cannot.
I know this question is very old, but this answer might be helpful to some one.
You can modify these kind of cookies in your browser by installing a plugin like Cookie Editor
https://addons.mozilla.org/fr/firefox/addon/cookie-editor/, and turn off httponly for that cookie :
- You cannot edit them by JavaScript i.e. by
document.cookie
. - But you can edit by browser dev tools.
The purpose of httpOnly
is not to defend against client because ultimately cookies are files stored on client so cannot enforce restrictions on client but it is to protect against client-side JavaScript which is simple terms document.cookie
.
精彩评论