javascript understanding cookies indepth

Question

In my frontend react application, I am trying to check if a session cookie exists, as this will help me decide whether to show a login page (if no session cookie exists or invalidated), or show content page.

The backend express-session middleware sets a cookie with a name "connect.sid". When I query the presence of this cookie with js-cookie, it shows as undefined. But I know this cookie exists. I also created another cookie programmatically from the browser console. While I am able to successfully query the cookie which I set programmatically from browser console window, I am unable to find the first one.

Here is the screenshot to show the available cookies.

And here is my test for both cookies from browser console.

I am unable to figure it out, why querying for "connect.sid" is failing. Can someone help me, where I am going wrong here...

See the `HTTP` column. The entry is `HttpOnly` and JavaScript can't read that. — Ram, Dec 26 '15 at 06:52
so, it means, I can't access a HTTP-ONLY cookie is it? I am planning to do session availability detection in my react based front end app. So, should I create my own javascript cookie? — Mopparthy Ravindranath, Dec 26 '15 at 06:55
That's a switch. You can disable it (server side) and it will make your app less secure. I usually use tokens (JWT as an example) and send a request to server in the app's bootstrap file. If server returns 200 status code then the user is logged-in (token is valid) and the app is initialized. Otherwise the login modal is shown. — Ram, Dec 26 '15 at 06:58
ok, got it. Then I prefer to set a client side cookie, after login success, which will have user name (but no other parameters). Thx. — Mopparthy Ravindranath, Dec 26 '15 at 07:03

javascript understanding cookies indepth

0 Answers0