51

Using JavaScript I'd like to get the domain value for a specific cookie.

Is this possible? If so, how?

To clarify: I'm not looking for the value of the cookie. I'm on subdomain.example.com and I need to remove a cookie whose name is known but its domain value is something like .example.com. In short: I'd like to get the value of .example.com.

Improve this question
1
  • 1
    The only way I know of to get cookie attributes (path, domain, expiry, security) is to tack them on the value when you create or modify the cookie or its value. Commented Jun 2, 2010 at 16:43

2 Answers 2

Reset to default
56

Sorry, all you get is what you see in document.cookie. The cookie metadata like path, domain and expires are not visible to site code (neither to JavaScript nor to the server-side).

To read a cookie that is being shadowed by a cookie with a more-specific domain or path, the only thing you can do is load a page for which the more-specific cookie is out-of-scope, and read it from there.

If, as you say, you only need to remove a cookie, what you could do is try to remove the cookie at every possible level of specificity, eg.:

    document.cookie= 'foo=;domain=sub.domain.example.com;expires=Sat, 01-Jan-2000 00:00:00 GMT';
    document.cookie= 'foo=;domain=domain.example.com;expires=Sat, 01-Jan-2000 00:00:00 GMT';
    document.cookie= 'foo=;domain=example.com;expires=Sat, 01-Jan-2000 00:00:00 GMT';

and similarly with the path variable. You could put this in a nested loop for each path and domain part, splitting on . for the domain and / for the path.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

So basically you recommend carpet bombing. I can't see another solution either. :)
Yeah, that's a nice way of describing it!
How does the Firefox Web Developer "View Cookie Information" utility do it? Apparently, the domain information is in there somewhere.
@Gregory: The Web Developer extension runs as chrome, so has a higher level of access to Firefox's internal objects than you can get from plain old web site JavaScript.
4

You can only access cookies from the same domain (this includes subdomains). Obviously doing otherwise would be a security concern.

Improve this answer

2 Comments

I think that's not quite true. subdomains can set cookies for a *. parent domain, as I understand it: serverfault.com/questions/153409/…
Correct: one of the things cookies can do that localStorage cannot: you can set it on the main domain. Programmatically figuring out what the "toplevel" domain that you can set it on is can be complex though: you can set a cookie on amazon.com but not co.uk as co it's a special SLD. You'd have to set it on amazon.co.uk instead. So it's not as simple as "just the last two segments."

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.