Cookie secure flag using javascript

Question

I want inform about how to set cookie secure flag and http flag using javascript. When I open in chrome developer tools with F12 and click "Application->cookies" I see no flag here (in secure and http column), this is my code to set cookie:

document.cookie = name+'='+value+'; expires='+expires+'; path=/;';

I also find this topic, but this not help me: How to set cookie secure flag using javascript

secure at end of my string is not my solution (not work well), because the whole cookie then disappears, do not load — LiH, Aug 25 '17 at 12:07
Then you're not in a secure setup, thus `secure` will (correctly) not make the cookie appear for you. — Niet the Dark Absol, Aug 25 '17 at 12:10
I try it and in https secure flag works, but what about HTTP flag? — LiH, Aug 25 '17 at 12:22
If you set the httpOnly flag correctly, it won't appear in your JavaScript anyway... What are you trying to achieve? — Niet the Dark Absol, Aug 25 '17 at 12:24
I want to achieve that flag, because I got from Horus test that this two thing i have wrong. — LiH, Aug 25 '17 at 12:25

score 3 · Accepted Answer · edited Dec 08 '17 at 10:58

It is impossible to create HttpOnly cookie with JavaScript. **HttpOnly** Cookie means it is not accessible by scripting languages. And therefore it cannot be created by Javascript.

To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript's Document.cookie API; they are only sent to the server. For example, cookies that persist server-side sessions don't need to be available to JavaScript, and the HttpOnly flag should be set.

Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies

Cookie secure flag using javascript

1 Answers1