Why can't I get a "sessionid" on the client side?

Question

Why can't I get a "sessionid" on the client side?

I enter django admin. When I open the JB Firebug console and try to print cookies with document.cookie, I only get csrftokencookies. But when I open the Firefox settings> Privacy> Delete cookie ... then I see a sessionidcookie.

How to get this on the client side?

+5

javascript django cookies session client-side-scripting

Memke 15 sept. '12 at 10:18

source share

1 answer

thikonom · Accepted Answer · 2012-09-15T10:41:52+0000

You cannot access the session cookie because it is set to HTTPOnly by default (you can see it with Firebug (Resource-> Cookies-> sessionid HTTP column))

Copying from docs :

SESSION_COOKIE_HTTPONLY
Default: True

Whether to use HTTPOnly flag on the session cookie. 
If this is set to True, client-side JavaScript will not to 
be able to access the session cookie.

: SESSION_COOKIE_HTTPONLY = False settings.py, . .

Why can't I get a "sessionid" on the client side?

More articles: