All geek questions in one place

Is there a security issue with using javascript to manage cookies?

Hey guys, another quick question for experts. I have a warning window that displays updates processed in php to the user, just like this site. I want to make sure that if the user closes the window, he will not appear for another 5 minutes (if they do not check the messages, he will not appear, because the entries that cause the pop-up are deleted in the database), At the end of the window I I thought about providing a javascript cookie to the user, since the warning window is being executed in javascript. I was wondering if this was bad coding practice, as I am not familiar with cookies and have previously been warned against them. If anyone has any advice or can recommend a better way, I would really appreciate it.

+3
source share
2 answers

There is nothing wrong with using javascript cookies. You should know that the user can change them at will; but they can change non javascript cookies, so I donโ€™t see what the problem is.

The issue you heard about is probably getting (instead of setting) cookies through javascript; if the contents of the cookie are confidential (e.g. password), then this becomes a problem when using cross-site scripting.

None of this applies to you. Use javascript cookie!

+1
source

Here is a great post on codinghorror.com about cookie protection , Protecting Your Cookies: HttpOnly "

0
source

Source: https://habr.com/ru/post/1739405/

More articles:


All Articles