3

I've cookie in my application and I need to read it using angularJS ngCookies. When I exported the cookies from browser extension it looks like following json : 

[
  {
    "domain": "localhost",
    "hostOnly": true,
    "httpOnly": false,
    "name": "JSESSIONID",
    "sameSite": "no_restriction",
    "secure": true,
    "session": true,
    "storeId": "0",
    "value": "00FC04BF082458FFE6F175C7E03F5712",
    "id": 18
  }
]

there can be more objects in this JSON along with 'JSESSIONID'. so I want to read only JSESSIONID's value.

my Code :

 var jsessionCookie = $cookies.get('JSESSIONID');
 console.log(" Cookies 'JSESSIONID' : "+jsessionCookie);

I'm getting undefined object.

Enigma
  • 749
  • 1
  • 13
  • 35

2 Answers2

1

The code you have seems fine, but the underlying issue is different.

You have your cookie marked as 

"httpOnly": true

This means that cookie cannot be accessed by client side code including Angular.js.

The only way to access it is to change the code that generates the code so the cookie is not marked as httpOnly. There are some security considerations for making the change, so make sure you understand what you are doing.

You can read more about HttpOnly at OWASP web site.

dotnetom
  • 24,551
  • 9
  • 51
  • 54
  • Ok - consider that flag is 'false' for now (I know marking that flag false will open XSS attacks but I'm not worrying that as of now in this problem - I may need to think upon that separately). Then can you please tell me how to read JSESSIONID's value. – Enigma Oct 26 '16 at 05:33
0

To store a cokkie,

$cookies.put("cookie_name","cookie_value",{"expires":expireDate,"domain":"domain_name"});

To get a stored cookie

var cookieValue = $cookies.get("cookie_name);
Nikhil Mohanan
  • 1,260
  • 1
  • 12
  • 23
  • so what will be the cookie_name from above JSON ? – Enigma Oct 26 '16 at 06:21
  • $cookies.put("JSESSIONID","00FC04BF082458FFE6F175C7E03F5712",{"expires":expireDate,"domain":"domain_name"}); – Nikhil Mohanan Oct 26 '16 at 06:22
  • if you are using localhost `$cookies.put("JSESSIONID","00FC04BF082458FFE6F175C7E03F5712"‌​,{"expires":expireDa‌​te,"domain":""});` – Nikhil Mohanan Oct 26 '16 at 06:24
  • and expires value is not mandatory, if you didn't set that, cookie will have life till your browser session ends. – Nikhil Mohanan Oct 26 '16 at 06:26
  • I'm not putting/writting the cookie. I want to read the JSESSIONID Cookie and I did that using $cookies.get("JSESSIONID"); but got undefined object. – Enigma Oct 26 '16 at 06:26
  • are you accessing that cookie from same domain? From which it generated? – Nikhil Mohanan Oct 26 '16 at 06:29
  • Yes domain is same. – Enigma Oct 26 '16 at 06:48
  • The only reason iam seeing is your path set `"path": "/mcaid/",`. you might be only allowed to access from this path. – Nikhil Mohanan Oct 26 '16 at 06:49
  • sorry I didn't get you. that's my application context path on localhost server. Why the path could be the problem ? – Enigma Oct 26 '16 at 06:53
  • can you try to access the cookie from `/mcaid/` path? – Nikhil Mohanan Oct 26 '16 at 06:55
  • try to access cookie from ... path means what ? my application JS files are trying to access cookies from same path only right ? – Enigma Oct 26 '16 at 07:20
  • @ngDev lets stay at http://localhost/mcaid/ and try to access cookie. path - {string} - The cookie will be available only for this path and its sub-paths. By default, this is the URL that appears in your tag. read this from: https://docs.angularjs.org/api/ngCookies/provider/$cookiesProvider#defaults – Nikhil Mohanan Oct 26 '16 at 07:54
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/126810/discussion-between-nikhil-vm-and-ngdev). – Nikhil Mohanan Oct 27 '16 at 09:51