Scriptonly cookies?
-
28-10-2019 - |
Question
So, basically what I want is the exact opposite of httponly cookies. I want to set a cookie in the browser via JavaScript and be able to retrieve it via JavaScript only. Meaning, that the cookie is not sent to the server.
The use case is that the JS application is served from an unencrypted http connection. That means that the cookie is sent to the server unencrypted as well and can be sniffed.
Solution
What you need is :
- userData in Internet Explorer 5.5 and above.
- Local Shared Object in Adobe Flash Player browser plugin.
- Web Storage in HTML 5 capable browsers
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow