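Can't access cookies from document.cookie in JS, but the browser shows the cookies exist

I can't access any cookie from JavaScript. I need to read some values and send them via JSON for my custom checks.

I've tried to access cookies from JS, like it was described at:

As you can see in the code, it's crystal clear: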

var c_value = document.cookie;

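When I try to access the document.cookie value from Chrome's web debugger, I see only an empty string at the watch expression:

So I can't read the cookie value, which is exactly what I need.

I've already checked that the cookie name I'm sending to get an associated value is correct. Also, I'm using the W3Schools source code for getting cookies, if you're interested (but from the 2nd link, the technique is similar).

How can I fix my issue?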


You are most likely dealing with httponly cookies. httponly is a flag you can set on cookies meaning they can not be accessed by JavaScript. This is to prevent malicious scripts stealing cookies with sensitive data or even entire sessions.

So you either have to disable the httponly flag or you need to find another way to get the data to your javascript.

By looking at your code it should be easy to disable the http only flag:

Response.AddHeader("Set-Cookie", "CookieName=CookieValue; path=/;");
Response.SetCookie(new HttpCookie("session-id") { Value = Guid.NewGuid().ToString(), HttpOnly = false });
Response.SetCookie(new HttpCookie("user-name") { Value = data.Login, HttpOnly = false });

Now you should be able to access the cookie information from JavaScript. However I don't know exactly what kind of data you are trying to get so maybe you can go for another approach instead and for example render some data attribute on the page with the information you need instead of trying to read the cookie:

<div id="example" data-info="whatever data you are trying to retrieve"></div>

console.log(document.getElementById('example').getAttribute('data-info'));

If your cookie is set as Set-Cookie or Set-Cookie2 it's not part of the response headers collection: http://www.w3.org/TR/XMLHttpRequest/#the-getallresponseheaders%28%29-method

Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2.

I would say http only is your first culprit but this can also occur by not setting the scope of your cookie.

If the site has been redirected from another domain, you will need to look into setting the scope of the cookie. Domain and Path define the scope of the cookie, which URLs the cookie should be sent to. Depending on this, you might not see the cookie in your response.

I ran across this issue when setting a cookie on a successful SAML SSO login and couldn't retrieve the cookie from the Document because it was never sent as part of the request.

Also keep an eye on the cookie's Path attribute, as the cookie is only visible to subdirectories under Path. I had your issue and I solved it by setting Path to "/".

If you are using some secure authentication, then in that case you cannot access cookies directly because of secure. You have to change some response attribute on the server side using the code below.

Response.AddHeader("Set-Cookie", "CookieName=CookieValue; path=/;");
Response.SetCookie(new HttpCookie("session-id") { Value = Guid.NewGuid().ToString(), HttpOnly = false });
Response.SetCookie(new HttpCookie("user-name") { Value = data.Login, HttpOnly = false });

But you should not, because it may change secure to insecure, so you have to find a solution that can be done on the server side to delete cookies and allow you to do some operations.

It's possible to make changes on the server side.

I had the same problem several times. And every time, it was for a different reason.

Different reasons:

  • problem of httpOnly field. It was set to false and I was trying to access it from the console. Setting it to true or accessing it from the source code did the trick.
  • problem of secure field. It was true and I was using only http.
  • problem of Expires / Max-Age. The cookie was outdated and it was not visible in document.cookie.
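
The causes named in the answers above (HttpOnly, Secure, Path and Domain scope, Expires / Max-Age) can be checked mechanically. The following is an added example, not part of the original thread: it takes a Set-Cookie header and the page URL and lists why the cookie would not appear in document.cookie. The function name `hiddenReasons`, the sample headers and the `app.example.test` host are constructed for illustration, and the header is assumed to have arrived in a response for the page URL itself.

```javascript
// Added example (not from the original thread). Simplified from RFC 6265:
// lists the reasons a cookie from one Set-Cookie header would be missing
// from document.cookie on pageUrl.
// Assumption: the header arrived in a response for pageUrl itself, so a
// missing Domain or Path attribute always matches.
function hiddenReasons(setCookie, pageUrl, now = Date.now()) {
  const url = new URL(pageUrl);
  const attrs = {};
  for (const part of setCookie.split(';').slice(1)) {
    const i = part.indexOf('=');
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs[key] = i < 0 ? '' : part.slice(i + 1).trim();
  }
  const reasons = [];
  if ('httponly' in attrs) reasons.push('HttpOnly: hidden from all scripts');
  if ('secure' in attrs && url.protocol !== 'https:')
    reasons.push('Secure: page is not served over HTTPS');

  if (attrs.path && attrs.path.startsWith('/')) {   // RFC 6265 path-match
    const cp = attrs.path, rp = url.pathname;
    const ok = rp === cp ||
      (rp.startsWith(cp) && (cp.endsWith('/') || rp[cp.length] === '/'));
    if (!ok) reasons.push(`Path: ${rp} is not under ${cp}`);
  }
  if (attrs.domain) {                                // RFC 6265 domain-match
    const d = attrs.domain.replace(/^\./, '').toLowerCase();
    const h = url.hostname.toLowerCase();
    if (h !== d && !h.endsWith('.' + d))
      reasons.push(`Domain: ${h} does not match ${d}`);
  }
  // Max-Age takes precedence over Expires when both are present.
  if ('max-age' in attrs) {
    if (parseInt(attrs['max-age'], 10) <= 0) reasons.push('Max-Age: already expired');
  } else if ('expires' in attrs) {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t) && t <= now) reasons.push('Expires: already expired');
  }
  return reasons;
}

// Constructed sample headers, checked against a constructed page URL.
const page = 'http://app.example.test/account/profile';
for (const h of [
  'session-id=abc123; Path=/; HttpOnly',
  'user-name=alice; Path=/admin; Secure',
  'theme=dark; Path=/account; Max-Age=3600',
]) console.log(h, '->', hiddenReasons(h, page));
```

An empty result means none of these attributes explains the missing cookie. An HttpOnly result is the browser working as designed, so the value has to reach the script another way.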