JavaScript by Darren Jones

Author:Darren Jones
Language: eng
Format: epub
Publisher: SitePoint
Published: 2017-09-12T23:00:00+00:00

Don't Rely On Cookie Expiry

Applications that contain sensitive information shouldn't rely on cookies expiring using these methods. Browsers can sometimes hold on to information stored in a cookie that should have expired when the 'session restore' feature is used after a crash.

The Path and Domain of Cookies

By default, cookies can only be read by pages inside the same directory and domain as the file was set. This is for security reasons so that access to the cookie is limited.

The path can be changed so that any page in the root directory can read the cookie. It’s done by adding the string '; path=/' to the end of the cookie when it is set:

document.cookie = 'name=Batman; path=/'

It’s also possible to set the domain by adding "; domain=domainName" to the end of the cookie:

document.cookie = 'name=Batman; domain=sitepoint.com';

A cookie can only be read by the domain that created it anyway, but doing this will allow all subdomains of sitepoint.com (such as javascript.sitepoint.com and books.sitepoint.com) to read it.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.