Jump to content

httpOnly Cookie retrieval


MySQL_Narb

Recommended Posts

For FireFox

 

I've been learning more about AJAX, and one of my applications need to read a httpOnly cookie (not my choice) in order to work properly. How can I go about this? I tried:

 

var req = null;
try { req = new XMLHttpRequest(); } catch(e) {}
if (!req) try { req = new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) {}
if (!req) try { req = new ActiveXObject("Microsoft.XMLHTTP"); } catch(e) {}
req.open('GET', 'http://www.removed.com/', false);
req.send(null);
alert(req.getResponseHeader("bb_sessionhash"));

 

Yet his only outputs null?

Link to comment
https://forums.phpfreaks.com/topic/265367-httponly-cookie-retrieval/
Share on other sites

Any custom HTTP response/request headers should start with "X-". Are you sure you don't mean to parse the "bb_sessionhash" cookie from the "Set-Cookie" response header? Bare in mind you will only be able to do that whenever the cookie is actually sent back. Why are you being forced to use a httpOnly cookie may I ask?

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.