How to track who deletes a cookie?

I

Ilya2020-12-30 15:58:32

css

Ilya, 2020-12-30 15:58:32

On the site, on the first visit, several cookies are set, including PHPSESSID, the well-known session identifier.
After several transitions around the site (random moment, no logic), all cookies related to the site domain disappear from the browser storage, including PHPSESSID, which has the httpOnly flag.
I look at the network tab, checked all requests specifically to the site (there are others, to advertising sites, etc.) and there is not a word in the headers that cookies should be deleted.
those. They seem to just disappear and that's it.
If the httpOnly flag is set, then JS cannot remove it, right? Who then deletes it? How to track?
Playable on Chrome, Firefox.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Andrew Garfield, 2019-03-03
@MRcracker

So?
UPD.
snippet

I

Ilya, 2020-01-05
@New_Horizons

The problem was that the cookie storage was full. As far as I understand, the browser allocates about 4kb for cookies for a certain domain, and when it was filled to capacity, the browser deleted the old cookies. And js from a third-party service was to blame for the overflow.

N

Nadim Zakirov, 2020-12-30
@zkrvndm

Just keep track of calls to document.cookie -> predefine it with your function, set a programmatic breakpoint and catch calls, it will already be clear from the parameters which function removes them.