2

I have setup my site to save cookies using the js-cookie plugin. However when I am in in the developer console I am able to set the cookie by using Cookies.set('name', 'value') I want to disable this so users are unable to set/change the cookie.

Is this possible?

Lee Proctor
  • 257
  • 1
  • 3
  • 11
  • Is there a specific reason you want to avoid this behaviour? Perhaps this will help you to get a better answer than the one I provided. – Eoin Feb 05 '20 at 21:42

2 Answers2

1

I am pretty sure that cookies cannot be hidden. If you will look closely, a lot of big websites (as - Facebook, Google and so on)are using cookies and you can see them from your console.

Tamir Abutbul
  • 7,301
  • 7
  • 25
  • 53
0

this is just how the console works. They are not setting the cookies forever, once they refresh things are changed.

You can also do

console.error("Oh dear, we have an error");

And you'll have an error message. But it will again only be for the current user and only until they refresh.

You can even edit the HTML and CSS, again nothing permanent.

I understand this may be concerning, but I don't think the overall impact is usually that large. In essence, anything they can see they can already do.

If you are worried about something more specific such as them gaining access then you should consider how to make that process more secure so they cannot guess what to set the value as perhaps.

Eoin
  • 1,413
  • 2
  • 17
  • 32
  • 1
    Access to cookies via console is weak point of any web page. In this moment only one solution is to give to the cookies some hard recognizable names and encrypted values that your user isn't able to guess their purpose and by changing them handle with web page process. It's "step plus" that need small additional code but keeps away regular users. – Isma Mar 10 '20 at 16:42