Trying to set cookie below ways and facing issues:
Option1:
document.cookie = name + "=" + value + "; expires=" + date.toUTCString() + "; path=/";
This sets value only till name=value when i recall document.cookie.
Option 2:
document.cookie = "${name}=value";
document.cookie = "expires=${date.toUTCString()}";
document.cookie = "path=/";
This works fine and i am able to read all the values from cookie based on ";" split.
Why this odd behaviour?
And in sonarqube report it says assigning document.cookie like the one in option 2 is wrong and its a bug.
Only the key/value pairs are exposed from document.cookie
This is done using JavaScript Object Accessors
Option 1 is working, check your developer tools
Option 2 is actually not what you want. Each assignment creates a new cookie. Three of them are created with respectively name, expires and path as cookie names. What you see from document.cookie is misleading
Related
I'm creating a simple cookie and want to set sameSite to "Lax.. However, whenever I set this in my funciton, sameSite isn't actually being set.
I understand this needs to be set, alongside secure...? Where am I going wrong?
function setCookie(name, value, expirydays) {
var d = new Date();
d.setTime(d.getTime() + (expirydays*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = name + "=" + value + "" + expires + "sameSite=Lax; Secure";
}
seCookie("ejOptExp", "Fkh3wu6USS-7HjQMGoRnDw.2", 7);
I'm using EditThisCookie chrome extension, to view my cookie data. And it looks like samesite is always set to none?
Thank you.
Where am I going wrong?
This issue here is that your cookie's attributes don't have semicolons between them.
If I add console.log(name + "=" + value + "" + expires + "sameSite=Lax; Secure"); to your function and run it I see
ejOptExp=Fkh3wu6USS-7HjQMGoRnDw.2expires=Mon, 05 Apr 2021 17:20:08 GMTsameSite=Lax; Secure
which isn't what you want.
Add some semicolons and that'll solve your issue.
document.cookie = name + "=" + value + "; " + expires + "; " + "sameSite=Lax; Secure";
I understand this needs to be set, alongside secure...?
SameSite=Lax does not require Secure, only SameSite=None does. But it's still good practice to mark your cookies as Secure when possible anyway!
And it looks like samesite is always set to none?
The empty field there means that the browser didn't recognize any SameSite attribute for your cookies (because of the lack of semicolons) and so the attribute is unspecified. As mentioned by ASDFGerte, when SameSite is unspecified the cookie will be treated as "Lax" in most browsers.
I am trying to set several cookies on the client side of my app. I have tried
document.cookie = "cookieName=12345";
I have also tried using the cookies.js library from MDN setting it this way
docCookies.setItem("cookieName", "12345");
In both cases I can see that document.cookie gets updated correctly but in my browser no cookies are created.
Am I doing something wrong?
UPDATE
I have noticed 2 changes I can make to get the cookies created in the browser. First if I only set the cookie value and not domain, path or expires then the cookie works. This part I think I'm not building the string correctly when trying to set the other fields. I've seen articles saying to delimit fields with semicolon and some say to use a comma. When I use a comma, the entire string is getting set as the cookie instead of just the value. When I use a semicolon, the document.cookie value doesn't get updated. So I've tried these 2 ways...
document.cookie = cookieId + '=' + res[cookieId] + '; domain=.mydomain.com; ' + 'expires=' + date + '; httpOnly=true; ' + 'path="/"';
and
document.cookie = cookieId + '=' + res[cookieId] + ', domain=.mydomain.com, ' + 'expires=' + date + ', httpOnly=true, ' + 'path="/"';
The 2nd part of this issue that I've noticed is that for the cookies to show in the browser I have to refresh the page. So I don't see the cookies as soon as they are set but I do if I refresh the browser.
I'm having this problem where I set/overwrite a cookie but I see 2 of them.
One has a dot before the domain "www.sim..."
I'm setting the cookie using javascript using a toggle
document.cookie = "night_mode=" + value + expires + "; path=/";
and only the value changes from 0 to 1.
Any idea how can I fix this? I've tried
The Java Script cookie work fine in all major browser but does not work in Chrome.
function createCookie(name, value, days) {
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
var expires = "; expires=" + date.toGMTString();
} else var expires = "";
document.cookie = name + "=" + value + expires + "; path=/; domain=.198.XXX.XX.99";
}
Cookies are not set in Chrome.
You have to access the page using the IP-address provided under domain and drop the dot before IP, or drop domain all together:
document.cookie = name + "=" + value + expires + ";path=/;domain=198.XXX.XX.99";
|
No dot (.) -------------------+
Here I assume XXX.XX is only obfuscation before posting here on Stack Overflow.
Note: As you can not wildcard IP-address in the domain portion of the Cookie, it becomes rather useless.
Chrome does not accept prepending dot to numeric IP address. E.g. FireFox accept either or. For domains it used to be mandatory, but is now optional.
RFC 2109
RFC 2965
RFC 6265
Edit: It is surely worth testing. I always use a BIND etc.+fake domain on local net/or standalones, thus never IP/localhost or the like. (At least last 10+ years.)
But there seems to be varying trouble around using IP/localhost:
http://code.google.com/p/chromium/issues/detail?id=56211
Cookies on localhost with explicit domain
etc.
Though some of it is dated, do a thorough check or set up a fake domain.
I successfully set a cookie in JavaScript:
var date = new Date();
date.setTime(date.getTime()+(1*24*60*60*1000)); //one day expiration date
var expires = "; expires="+date.toGMTString();
window.name = date.getTime();
document.cookie = "window_name="+window.name+expires+"; path=/";
Then in rails I try to read (I've tried both of the following):
cookies[:window_name]
request.cookies['window_name']
both of which have an empty value.
How can I access the window_name cookie that I set in the Javascript?
I had exactly the same problem, cookie with no value on the rails side...
It seems that cookies set with JavaScript need to be in the path of your controller.
Let say you want to use cookies[:window_name] in the users controller, you need to do :
document.cookie = "window_name="+window.name+expires+"; path=/users/";
Must be security stuff...
I don't what you could do if you want to use that cookie in several controllers, luckily I don't !