Can't read cookie when there is cookie in header

Question

Please refer to the following picture.

Front-end code calls back-end api to login a user. Back-end is done using Expressjs 4 and cookie store uses redis.

What confuses me is after login is successful, I can see there is cookie set by expressjs using Chrome Inspector, but

document.cookie

Shows nothing. You can use "document.cookie" to set and read cookie of your own, which works fine. But I can't read the one set by back-end API as shown in the above screen picture.

Question

How to read cookie set by back-end API? or What did I miss here?

Similar question: https://stackoverflow.com/questions/1022112/why-doesnt-document-cookie-show-all-the-cookie-for-the-site — Lincoln Bergeson, May 22 '17 at 17:14

score 1 · Accepted Answer · edited Jun 20 '20 at 09:12

Refering to this documentation:

cookie.httpOnly

Specifies the boolean value for the HttpOnly Set-Cookie attribute. When truthy, the HttpOnly attribute is set, otherwise it is not. By default, the HttpOnly attribute is set.

And according to this:

HttpOnly cookies aren't accessible via JavaScript through the Document.cookie property.

In the devtools, there's a column HTTP that will contain a checkmark for that particular cookie, to reflect its HttpOnly status.

Can't read cookie when there is cookie in header

1 Answers1