The content obtained through document.cookie in JS is incomplete!
You can see the complete cookies in the Cookies section of the browser's Application panel, but individual fields cannot be obtained through document.cookie.
Is there any other way to obtain them?
PHP中文网2017-05-19 10:42:18
The unreadable cookie content mentioned in the problem description should be set to HttpOnly, that is, the client script cannot read it, and it can only be read and operated on from the server.
The purpose of setting HttpOnly is to prevent XSS attacks by preventing JS from reading cookies.
Except through browser plug-ins (the browser provides an interface for them), it is basically impossible with client-side scripts.
PHP中文网2017-05-19 10:42:18
Look at the end of the Cookies entries and there is http. The ones that cannot be obtained should be http only. The front end cannot obtain them; they can only be obtained and operated on through http requests.
PHP中文网2017-05-19 10:42:18
The cookie size is limited and differs between browsers. Now it is generally recommended to use localStorage.
黄舟2017-05-19 10:42:18
Although HttpOnly cookies cannot be viewed using scripts, a Chrome extension can view them.
After installing this plug-in, EditThisCookie, you can view all cookie contents, which is especially effective during testing.
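The behaviour discussed in this thread, as an added example that is not part of any of the posts above: a small model of which cookies a page script sees in document.cookie compared with what the browser sends back to the server. The sample headers, cookie names and function names are constructed for illustration, and the model ignores Path, Domain, Secure and expiry matching.

```javascript
// Constructed sample: Set-Cookie headers from a hypothetical login response.
const SAMPLE_SET_COOKIE = [
  "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/",
  "csrftoken=xyz789; Path=/; Secure",
];

// Parse one Set-Cookie header value into its name, value and the flags used here.
// Returns null when the first segment has no "=" (no usable name/value pair).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 0) return null;
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1), // the value may itself contain "="
    httpOnly: false,
    secure: false,
  };
  for (const attr of attrs) {
    const key = attr.split("=")[0].trim().toLowerCase(); // attribute names are case-insensitive
    if (key === "httponly") cookie.httpOnly = true;
    else if (key === "secure") cookie.secure = true;
  }
  return cookie;
}

// Build the cookie jar from a list of Set-Cookie header values.
function buildJar(headers) {
  return headers.map(parseSetCookie).filter((c) => c !== null);
}

// What page script reads from document.cookie: HttpOnly cookies are left out.
function scriptVisible(jar) {
  return jar.filter((c) => !c.httpOnly).map((c) => `${c.name}=${c.value}`).join("; ");
}

// What the browser sends in the Cookie request header: HttpOnly cookies included.
function requestCookieHeader(jar) {
  return jar.map((c) => `${c.name}=${c.value}`).join("; ");
}

// Names of cookies that exist in the jar but are hidden from scripts.
function hiddenFromScript(jar) {
  return jar.filter((c) => c.httpOnly).map((c) => c.name);
}
```

The gap between `scriptVisible` and `requestCookieHeader` is the "missing" part of document.cookie that the question describes.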