Javascript document.cookie works in Chrome but not Firefox - javascript

Well I have this javascript that sets cookie in javascript, which stores a serialized json event object. It works fine on Chrome but not on Firefox, why does this happen? Can anyone please help?
document.cookie="cjaxevent="
+ CJAX.serializeEvent(e)
+ "; expires="
+ new Date(e.timeStamp + 30000).toGMTString()
+ "; path=/; domain=."
+ document.domain;

Related

Create cookie with samesite: "Lax"

I'm creating a simple cookie and want to set sameSite to "Lax.. However, whenever I set this in my funciton, sameSite isn't actually being set.
I understand this needs to be set, alongside secure...? Where am I going wrong?
function setCookie(name, value, expirydays) {
var d = new Date();
d.setTime(d.getTime() + (expirydays*24*60*60*1000));
var expires = "expires="+ d.toUTCString();
document.cookie = name + "=" + value + "" + expires + "sameSite=Lax; Secure";
}
seCookie("ejOptExp", "Fkh3wu6USS-7HjQMGoRnDw.2", 7);
I'm using EditThisCookie chrome extension, to view my cookie data. And it looks like samesite is always set to none?
Thank you.
Where am I going wrong?
This issue here is that your cookie's attributes don't have semicolons between them.
If I add console.log(name + "=" + value + "" + expires + "sameSite=Lax; Secure"); to your function and run it I see
ejOptExp=Fkh3wu6USS-7HjQMGoRnDw.2expires=Mon, 05 Apr 2021 17:20:08 GMTsameSite=Lax; Secure
which isn't what you want.
Add some semicolons and that'll solve your issue.
document.cookie = name + "=" + value + "; " + expires + "; " + "sameSite=Lax; Secure";
I understand this needs to be set, alongside secure...?
SameSite=Lax does not require Secure, only SameSite=None does. But it's still good practice to mark your cookies as Secure when possible anyway!
And it looks like samesite is always set to none?
The empty field there means that the browser didn't recognize any SameSite attribute for your cookies (because of the lack of semicolons) and so the attribute is unspecified. As mentioned by ASDFGerte, when SameSite is unspecified the cookie will be treated as "Lax" in most browsers.

Setting "document.cookie"

Trying to set cookie below ways and facing issues:
Option1:
document.cookie = name + "=" + value + "; expires=" + date.toUTCString() + "; path=/";
This sets value only till name=value when i recall document.cookie.
Option 2:
document.cookie = "${name}=value";
document.cookie = "expires=${date.toUTCString()}";
document.cookie = "path=/";
This works fine and i am able to read all the values from cookie based on ";" split.
Why this odd behaviour?
And in sonarqube report it says assigning document.cookie like the one in option 2 is wrong and its a bug.
Only the key/value pairs are exposed from document.cookie
This is done using JavaScript Object Accessors
Option 1 is working, check your developer tools
Option 2 is actually not what you want. Each assignment creates a new cookie. Three of them are created with respectively name, expires and path as cookie names. What you see from document.cookie is misleading

Why are cookies in document.cookie not showing in browser cookies

I am trying to set several cookies on the client side of my app. I have tried
document.cookie = "cookieName=12345";
I have also tried using the cookies.js library from MDN setting it this way
docCookies.setItem("cookieName", "12345");
In both cases I can see that document.cookie gets updated correctly but in my browser no cookies are created.
Am I doing something wrong?
UPDATE
I have noticed 2 changes I can make to get the cookies created in the browser. First if I only set the cookie value and not domain, path or expires then the cookie works. This part I think I'm not building the string correctly when trying to set the other fields. I've seen articles saying to delimit fields with semicolon and some say to use a comma. When I use a comma, the entire string is getting set as the cookie instead of just the value. When I use a semicolon, the document.cookie value doesn't get updated. So I've tried these 2 ways...
document.cookie = cookieId + '=' + res[cookieId] + '; domain=.mydomain.com; ' + 'expires=' + date + '; httpOnly=true; ' + 'path="/"';
and
document.cookie = cookieId + '=' + res[cookieId] + ', domain=.mydomain.com, ' + 'expires=' + date + ', httpOnly=true, ' + 'path="/"';
The 2nd part of this issue that I've noticed is that for the cookies to show in the browser I have to refresh the page. So I don't see the cookies as soon as they are set but I do if I refresh the browser.

duplicate cookies for same domain

I'm having this problem where I set/overwrite a cookie but I see 2 of them.
One has a dot before the domain "www.sim..."
I'm setting the cookie using javascript using a toggle
document.cookie = "night_mode=" + value + expires + "; path=/";
and only the value changes from 0 to 1.
Any idea how can I fix this? I've tried

Cookies function working fine in all major browsers except Chrome

The Java Script cookie work fine in all major browser but does not work in Chrome.
function createCookie(name, value, days) {
if (days) {
var date = new Date();
date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
var expires = "; expires=" + date.toGMTString();
} else var expires = "";
document.cookie = name + "=" + value + expires + "; path=/; domain=.198.XXX.XX.99";
}
Cookies are not set in Chrome.
You have to access the page using the IP-address provided under domain and drop the dot before IP, or drop domain all together:
document.cookie = name + "=" + value + expires + ";path=/;domain=198.XXX.XX.99";
|
No dot (.) -------------------+
Here I assume XXX.XX is only obfuscation before posting here on Stack Overflow.
Note: As you can not wildcard IP-address in the domain portion of the Cookie, it becomes rather useless.
Chrome does not accept prepending dot to numeric IP address. E.g. FireFox accept either or. For domains it used to be mandatory, but is now optional.
RFC 2109
RFC 2965
RFC 6265
Edit: It is surely worth testing. I always use a BIND etc.+fake domain on local net/or standalones, thus never IP/localhost or the like. (At least last 10+ years.)
But there seems to be varying trouble around using IP/localhost:
http://code.google.com/p/chromium/issues/detail?id=56211
Cookies on localhost with explicit domain
etc.
Though some of it is dated, do a thorough check or set up a fake domain.

Categories