Why can't I get 'sessionid' on the client side?

Question

I log into django admin. When I open firebug JS console and try to print cookies with document.cookie I only get csrftoken cookie. But when I open Firefox preferences > Privacy > Delete cookie... then I can see sessionid cookie.

How to get that on client side?

Answer 1

You cannot access the session cookie because it is by default set to HTTPOnly.(You can see it using Firebug(Resources->Cookies->sessionid's HTTP column is checked))

Copying from the docs:

SESSION_COOKIE_HTTPONLY
Default: True

Whether to use HTTPOnly flag on the session cookie. 
If this is set to True, client-side JavaScript will not to 
be able to access the session cookie.

You can set: SESSION_COOKIE_HTTPONLY = False in your settings.py if you really want to have access to it from client side code. Nevertheless it not a recommended practice.