daydreamer daydreamer - 1 month ago 19
AngularJS Question

AngularJS: Can not read session value


  • The session is set by server when the user logs in



I want to retrieve this value in my
angular
front end, but it says
undefined


The relevant code is

$scope.logout = function () {
console.log('session value', $cookieStore.get('session'));
}


and my app is also configured to include
ngCookies


var app = angular.module('myApp', ['ngCookies']);


when I run my application, i see

session value undefined


I can however, see the session in
Chrome Dev Tools


enter image description here

What is that I am missing?

Answer

What is that I am missing?

The server set the cookie as Session cookie (HttpOnly flag). This means that you cannot access this cookie on the client. The client will send the cookie to the server on each request but the client has no access to its value. That's the very definition of an HttpOnly cookie. If you want to be able to access this cookie value on the client you should modify your server side script so that when it is setting the cookie it doesn't append the HttpOnly flag to it. Obviously this comes with the corresponding disclaimer about the security vulnerability that you might be opening on your site depending on the purpose and specific value stored in this cookie.