About
This article is about HTTP cookies management in the client side (browser) via javascript.
Cookie are one way to store data in the browser.
document.cookie is a property of the browser document that returns the HTTP cookies that apply to the Document. If no cookies or cookies can't be applied to this resource, the empty string is returned.
With the Web API and Document cookie property
Management
DevTool
You can browse the cookies with the devtool
or an browser extension. Example: Chrome extension Edit this cookie
HttpOnly
A cookie set with the HttpOnly flag, tells the browser that Javascript cannot access this cookie (ie the cookie should only be managed by the server and set in the browser request)
Set
Set two cookies
document.cookie = "name=nico";
document.cookie = "favorite_color=blue";
Get
All
- Read the cookies. The cookies are in a string separated with a ;
console.log("All the cookies:");
console.log(document.cookie);
For the value of the google analytics cookie, see Google Analytics - Utma Cookie
Filter
- Only the cookie that starts with an underscore
console.log("All the cookies:");
console.log(document.cookie.split("; ").filter( (item) => item.trim().startsWith('_') ));
by name
There is no function in the Javascript Web API to get a cookie by name.
We need to parse the value of document.cookie. This is a string of all cookies in a key pair format separated by a ;
- Setting a cookie
cookie_key = "name";
document.cookie = cookie_key+"=nico";
- Regular expression method. Because the key value is saved in variable, we cannot create a regular expression pattern as a string and need to use a regexp constructor
regexp = new RegExp("(?:(?:^|.*;\\s*)"+cookie_key+"\\s*\\=\\s*([^;]*).*$)|^.*$");
var cookieValue = document.cookie.replace(regexp, "$1");
console.log("Regular expression : The value of the cookie with the name key is ("+cookieValue+")");
- Functional Programming method
var cookieValue = document.cookie
.split(";")
.filter( (item) => item.trim().startsWith(cookie_key) )[0]
.split("=")[1];
console.log("Functional Programming: The value of the cookie with the name key is ("+cookieValue+")");
- Result
Delete
To delete a cookie, just set the expiration date in the past.
document.cookie = "key=; expires=Thu, 01 Jan 1970 00:00:00 GMT";
Security Consideration
- cookie can be send to a third party maliciously via What is a Cross-site request forgery attack (CSRF)? Web Security
- If cookies are used, it is possible to protect them from being accessed by JavaScript by setting the HttpOnly flag
Library
Example:
import Cookies from "js-cookie";
Cookies.get('cookie-name');