2

I have a strange problem. I want to check if .ASPXAUTH cookie exists with javascript. I do it like this:

authx = document.cookie.indexOf(".ASPXAUTH" + "=");

and the 'authx' value is always -1. But if I tray to find some other cookie like: 

foo = document.cookie.indexOf("bar" + "=");

it works. Is there some restriction between javascript and .ASPXAUTH cookie???

Improve this question
2
  • well, the first question would be : did you check that the cookie is there ? did you check with firecookie or something, to make sure the cookie is there ? Commented Nov 17, 2010 at 8:10
  • Yes, i checked. Cookie is 100% there. Commented Nov 17, 2010 at 8:38

1 Answer 1

Reset to default
2

I solved it. The problem was, that I had set the 

HttpOnly = true;

which prevents the javascript accessing the cookie. I just set it to false and it works.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

And of course it's meant to be HTTP only in order to avoid the risk of an XSS flaw grabbing your cookie and allowing your session to be hijacked. You've now opened up a vulnerability in your app.
Where did you set that? JS ?
@d.popov Obviously no!, You can set that in your web.config or (in asp.net mvc) as an attribute for each action method
@DrTJ - maybe for you, but not so obvious for someone reading the question. Neither the question, tags or the answer suggests so. The question even suggests JavaScript context!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.