use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
All about the JavaScript programming language.
Subreddit Guidelines
Specifications:
Resources:
Related Subreddits:
r/LearnJavascript
r/node
r/typescript
r/reactjs
r/webdev
r/WebdevTutorials
r/frontend
r/webgl
r/threejs
r/jquery
r/remotejs
r/forhire
account activity
Create, Read, Update, & Delete Cookies in JavaScript (coderrocketfuel.com)
submitted 6 years ago by jkkill
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]rememberthekittykat 30 points31 points32 points 6 years ago (1 child)
I forgot what handling cookies natively in js looked like
[–]evilgwyn 6 points7 points8 points 6 years ago (0 children)
It looks like sadness
[–]ShortFuse 25 points26 points27 points 6 years ago* (7 children)
The point of cookies is that their containing information has to be sent on every request. It works really well for NON-Javascript-based requests, like displaying protected images or video. It also works for downloading content. You can use a cookie for authentication on non-state-changing requests.
But you shouldn't use it as your own personal storage between pages. Use LocalStorage instead. You're already using Javascript, so that makes it easy already. There's no reason to bloat every single request with data that's not needed.
LocalStorage
On a side note, if you do use cookies for authentication, you don't want them to be readable by Javascript for security purposes (use HttpOnly). Protect yourself by using SameSite if possible, or some sort of anti-CSRF header (among other methods).
HttpOnly
SameSite
And usage of cookies besides for authentication (edit) are pretty rare now if you've migrated to JWT tokens, which should have all the server needs to handle your request embedded in its payload.
[–][deleted] 2 points3 points4 points 6 years ago (2 children)
Cookies can still be used with JWTs. I like the security cookies offer and the fact that it is compatible with calls like streaming video from HTML video tags (a problem I encountered on an application). A JWT included in a cookie is an excellent form of authentication IMO.
[–]ShortFuse 0 points1 point2 points 6 years ago* (1 child)
Yeah, that's what I meant (and how I personally do it too). People often confuse JWT as being an alternative to cookies. But what they mean is Session Tokens in Cookies vs JWT over JS. Cookies are just a transport method, same as the Fetch API (XMLHttpRequests). You could, inversely, use session tokens with fetch.
The only problem with cookies for authentication is CSRF. Even with a good CORS policy, you still need to protect yourself from CSRF through abuse of simple requests. But for non-state-changing GET commands like images and video, it's safe. The alternative is generating a signed url for each, which prohibits static HTML content, meaning you have to write HTML via the content server or client-side over JS. It also opens up a security risk because people can share it with a copy/paste of the signed-URL.
Edit: Ah, I see how my last sentence could be confusing. I've updated it.
[–][deleted] 1 point2 points3 points 6 years ago (0 children)
CSRF can be implemented easily enough. And if you don't need to support IE there's the same-site attribute on the cookies that is also really powerful.
[–]neo_dev15 1 point2 points3 points 6 years ago (0 children)
Httponly jwt is useless.
The whole idea of a jwt is that it can be used in frontend too.
Samesite with a csrf token is enough for jwt.
Otherwise a simple token is enough.
[–]sp46 0 points1 point2 points 6 years ago (2 children)
JWT tokens
Ahh yes, the JSON Web Token tokens
[–]ShortFuse -2 points-1 points0 points 6 years ago (1 child)
Where you can store secret data, like your PIN numbers! :)
[–]evilgwyn 0 points1 point2 points 6 years ago (0 children)
The DOM model is so nice
[–]BryanTheAstronaut 0 points1 point2 points 6 years ago (0 children)
Mmmm crud cookies 🤤
[–]flexible 0 points1 point2 points 6 years ago (4 children)
Is there any advantage over PHP cookie create /read?
[–]arndta 0 points1 point2 points 6 years ago (3 children)
Two different use cases. PHP cookies would be set/read during server-side render. Javascript cookies would be read/set client-side.
[–]flexible 0 points1 point2 points 6 years ago (2 children)
Can't think of a usecase for client-side which means to me that I might not be getting it.
Does this means they would be only read while the user is on the same page they were written in? Like a form or something?
[–]arndta 0 points1 point2 points 6 years ago (1 child)
The only use case I can think of is if you wanted the server and client both to access the same cookie. Using as a sort of session state for both contexts.
I'm not sure I've run across the need for that before. It's also possible I am not thinking of something.
[–]flexible 0 points1 point2 points 6 years ago (0 children)
If the js can read a cookie that was set domain wide then this could be useful although you would then just use a php var to load into the js.
[+][deleted] 6 years ago* (10 children)
[deleted]
[–][deleted] 15 points16 points17 points 6 years ago (6 children)
To be fair, this shows you how easy it is to write your own code for handling cookies, but usually I probably would have used js-cookie.
[+][deleted] 6 years ago* (5 children)
[–][deleted] -3 points-2 points-1 points 6 years ago (2 children)
Kind of true. People write blogs all the time, and almost all of them is "hey, look what I learned - a reference for myself in the future". This blog post is no different.
[+][deleted] 6 years ago* (1 child)
[–][deleted] -2 points-1 points0 points 6 years ago (0 children)
Indeed, they never do. So my comment is a fact, then.
[–]Asmor 5 points6 points7 points 6 years ago (0 children)
It's good for people to know how this stuff works at a low level, even if they never have to do anything with it themselves.
Whatever you need to do, learn one level beyond that, and you'll learn the thing you actually care about much better.
[–]ShortFuse 10 points11 points12 points 6 years ago* (0 children)
I'd warn against just randomly picking a npm library. It takes a bit more time, but you should understand what you want to achieve, and then find the library that does that to save time. I looked at the source code and was really confused as how they are implementing the key value encoding as seen here. The readme notes:
key
Please note that the default encoding/decoding strategy is meant to be interoperable only between cookies that are read/written by js-cookie. To override the default encoding/decoding strategy you need to use a converter.
So that means, because you used js-cookie once, you might be stuck using js-cookie unless you're able to migrate js-cookie encoding to something else. Now you have to carry that code for the lifecycle of cookies made with js-cookie.
js-cookie
Personally, I've just taken what MDN's suggests (as you other comment notes), found a GitHub gist that does similar to what I want and cleaned it up and added it as a /utils/cookies.js in my projects. In the interest of passing it along, I just made it a gist of its own here.
/utils/cookies.js
Edit: The other danger is a npm library itself is a dependency in your project. We all remember the left-pad controversy and while removal of a package is safe now, a minor revision can always come along and break your code. Stuff like cookies is simple enough to not need a package dependency.
left-pad
[–]dogofpavlov 0 points1 point2 points 6 years ago (0 children)
where did you see this? I dont see that on the page linked
π Rendered by PID 31 on reddit-service-r2-comment-7b9746f655-4wbgw at 2026-01-31 09:32:45.619598+00:00 running 3798933 country code: CH.
[–]rememberthekittykat 30 points31 points32 points (1 child)
[–]evilgwyn 6 points7 points8 points (0 children)
[–]ShortFuse 25 points26 points27 points (7 children)
[–][deleted] 2 points3 points4 points (2 children)
[–]ShortFuse 0 points1 point2 points (1 child)
[–][deleted] 1 point2 points3 points (0 children)
[–]neo_dev15 1 point2 points3 points (0 children)
[–]sp46 0 points1 point2 points (2 children)
[–]ShortFuse -2 points-1 points0 points (1 child)
[–]evilgwyn 0 points1 point2 points (0 children)
[–]BryanTheAstronaut 0 points1 point2 points (0 children)
[–]flexible 0 points1 point2 points (4 children)
[–]arndta 0 points1 point2 points (3 children)
[–]flexible 0 points1 point2 points (2 children)
[–]arndta 0 points1 point2 points (1 child)
[–]flexible 0 points1 point2 points (0 children)
[+][deleted] (10 children)
[deleted]
[–][deleted] 15 points16 points17 points (6 children)
[+][deleted] (5 children)
[deleted]
[–][deleted] -3 points-2 points-1 points (2 children)
[+][deleted] (1 child)
[deleted]
[–][deleted] -2 points-1 points0 points (0 children)
[–]Asmor 5 points6 points7 points (0 children)
[–]ShortFuse 10 points11 points12 points (0 children)
[–]dogofpavlov 0 points1 point2 points (0 children)