Jump to content

Js Cookie [Solved]


Recommended Posts

If i set a cookie on a visitor's marchine(s), and there are also other cookies already present in that marchine, how will

document.cookie

know the one that was set by my site? Or is document.cookie just going to return all the cookies in that system? I just dont understand this cookies of a thing!

Edited by O. Samuel
  • Like 1
Link to post
Share on other sites

document.cookie returns a string of all the cookies which that page has access to.cookies are stored independently for each browser, if Firefox sets one, other browsers won't have access to it, only Firefox will.document.cookie will never return all cookies that are stored in a browser, that would be a huge security issue, and would mean a website could read a cookie which was set by another website! if you set a cookie using the minimal amount of parameters, that cookie will be accessible on the entire domain which set it.so if google.com sets a cookie, example.com won't have access to it, but google.com and code.google.com would. if you look at the parameters of php's setcookie(): http://php.net/manual/en/function.setcookie.phpit has several optional ones which can restrict "who" has access to the cookie, eg. a certain path including sub folders, a certain sub domain, only over HTTPS, or httponly (meaning js wouldn't have access to them).so if code.google.com sets a cookie with the domain parameter set to 'code.google.com', video.google.com wouldn't have access to it, but code.google.com would. when reading doucment.cookie, the browser won't include any cookies in the returned string in which the page calling document.cookie doesn't have access to, if it did, again this would be a security issue. now for the cookie's which a page does have access to, document.cookie will return 1 string with the cookies separated by a semi colon (and probably a space too).so say if you had 3 cookies set, "a" set to "test123", "b" set to "40", and "blah" set to "zz", doucment.cookie would return this string:

"a=test123; b=40; blah=zz"

which can be read like so:

var Cookies = document.cookie.split('; ');var i, j = Cookies.length, Cookie, Key, Value;for (i=0; i<j; i++) {    Cookie = Cookies[i]; // eg. 'b=40'    Cookie = Cookie.split('='); // eg. ['b', '40']    Key = Cookie[0]; // eg. 'b'    Value = Cookie[1]; // eg. '40'}

this is why it's important that data is properly encoded before setting the cookie, eg. a semi colon in the value would mess everything up, so they must be encoded. setting a cookie in javascript is easier than reading it, you can do:

document.cookie = "key=value"

which won't override other cookies which the page has access to.when setting a cookie in js, document.cookie doesn't really act as a string, if it did then it would override other cookies. more info: http://www.quirksmode.org/js/cookies.html

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...