Home > Software design >  I can view httpOnly cookies in browser
I can view httpOnly cookies in browser

Time:09-10

I thought that httpOnly cookies were only available to read in a http request. However, when I open up Firefox dev tools, I can see the cookies' value. Is this normal?

CodePudding user response:

Yes, that's normal. What HttpOnly does is it prevents cookies from being accessible to JavaScript, which makes impossible to tamper with programatically (on the client). You can still access it manually through the browser's devtools. (If you weren't, it'd be quite difficult to debug issues with them, after all.)

CodePudding user response:

Yes, that’s normal.you can access the cookies using the devtool.

  • Related