Why can't I get 'sessionid' on the client side?
-
02-07-2021 - |
Question
I log into django admin. When I open firebug JS console and try to print cookies with document.cookie
I only get csrftoken
cookie. But when I open Firefox preferences > Privacy > Delete cookie... then I can see sessionid
cookie.
How to get that on client side?
La solution
You cannot access the session cookie because it is by default set to HTTPOnly.(You can see it using Firebug(Resources->Cookies->sessionid's HTTP column is checked))
Copying from the docs:
SESSION_COOKIE_HTTPONLY Default: True Whether to use HTTPOnly flag on the session cookie. If this is set to True, client-side JavaScript will not to be able to access the session cookie.
You can set: SESSION_COOKIE_HTTPONLY = False
in your settings.py if you really want to have access to it from client side code. Nevertheless it not a recommended practice.
Licencié sous: CC-BY-SA avec attribution
Non affilié à StackOverflow