Set a cookie to HttpOnly via Javascript

by

An HttpOnly cookie means that it’s not available to scripting languages like JavaScript. So in JavaScript, there’s absolutely no API available to get/set the HttpOnly attribute of the cookie, as that would otherwise defeat the meaning of HttpOnly.

Just set it as such on the server side using whatever server side language the server side is using. If JavaScript is absolutely necessary for this, you could consider to just let it send some (ajax) request with e.g. some specific request parameter which triggers the server side language to create an HttpOnly cookie. But, that would still make it easy for hackers to change the HttpOnly by just XSS and still have access to the cookie via JS and thus make the HttpOnly on your cookie completely useless.

More Related Contents:

  1. How do you increment a cookie value?
  2. “Cross origin requests are only supported for HTTP.” error when loading a local file
  3. Detect when a browser receives a file download
  4. Accessing the web page’s HTTP Headers in JavaScript
  5. Get cookie by name
  6. Error: request entity too large
  7. Clearing all cookies with JavaScript
  8. What is the shortest function for reading a cookie by name in JavaScript?
  9. Using http rest apis with angular 2
  10. Detecting if a browser is using Private Browsing mode
  11. How do I check if a cookie exists?
  12. Method for streaming data from browser to server via HTTP
  13. How to make a jsonp POST request that specifies contentType with jQuery?
  14. How to do the chain sequence in rxjs
  15. Javascript Cookie with no expiration date
  16. How to prevent an HTTP request just for a favicon?
  17. Pure JavaScript code for HTTP Basic Authentication?
  18. How can I use JavaScript on the client side to detect if the page was encrypted?
  19. Why doesn’t document.cookie show all the cookie for the site?
  20. CORS cookie credentials from mobile WebView loaded locally with file://
  21. Angular 2 – Chaining http requests
  22. How to use cookie inside `getServerSideProps` method in Next.js?
  23. Axios – DELETE Request With Request Body and Headers?
  24. Calling Express Route internally from inside NodeJS
  25. How to download a csv file using PhantomJS
  26. Sending an HTTP Post using Javascript triggered event
  27. Get HTTP Body of Form in JavaScript
  28. I need to get all the cookies from the browser
  29. Breaking JavaScript execution when cookie is set
  30. Set cookie on multiple domains with PHP or JavaScript

Leave a Comment