Sign in

Back end response header has set cookie, how to pass it through cookie in request header

tlqlw edited in Sat, 08 May 2021

adopt document.cookie If the cookie is set, it cannot be passed. If the request is set withcredentials: true, the cookie can be passed on the second request, but it is the value in the set cookie in the back-end response header, but it is not the value I want to pass. Is there any way to modify this cookie?

Request time code:

     var searchData = {
          pagesize: 8,
          page: 1

      document.cookie = "JSESSIONID=23323232";

          url: url,
          contentType: "application/json",
          dataType: 'json',
          data: searchData,
          type: "GET",
          xhrFields: {
              withCredentials: true
          crossDomain: true,
          dataType: 'json',
          success : function(data){
          error : function(er){

First request:

On the second request:

What I want to pass:

As a result, I can't modify the cookie to be transferred. Is it because the back-end service has set cookie?

3 Replies
commented on Sat, 08 May 2021

If you use cookies to pass information, remove the httponly setting, or pass it directly through the request parameters.

commented on Sat, 08 May 2021


Cookies of HTTP only type cannot be accessed through JavaScript Document.cookie Attribute, which can prevent cross domain scripting attacks (XSS) to a certain extent. When you don't need to access your cookie in JavaScript code, you can set the cookie to type httponly

commented on Sat, 08 May 2021

The cookie modified by httponly is not allowed to be modified by JS

lock This question has been locked and the reply function has been disabled.