I
I
IvanIF2020-10-25 17:31:47
PHP
IvanIF, 2020-10-25 17:31:47

Why are cookies still available in JS?

I'm trying to disable cookies via JS.
To do this, I wrote in .htaccess :

php_value session.cookie_httponly 1

But when you enter this line in JS, cookies are displayed in the console. An attempt to disable the use of cookies in JS through PHP by writing such a line was also unsuccessful, they are still displayed in the console. How to disable cookies in JS?

console.log(document.cookie);


ini_set('session.cookie_httponly', 1);

Answer the question

In order to leave comments, you need to log in

1 answer(s)
X
xmoonlight, 2020-10-25
@IvanIF

At least once! Look here .

php_value session.cookie_httponly 1
php_value session.cookie_secure 1
1. Clear all browser cookies for the test domain and test again after requesting a page.
2. Always output the current php flag values ​​for the php script in order to be sure they are set to the correct values.
Or so that "on the fly" replace any cookies from the php script code with safe ones:
1. Connect mod_headers
to Apache 2. Add to .htaccess:
Header always edit Set-Cookie (.*) "$1; HTTPOnly"
or for two directives at once:
Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question