The content obtained by document.cookie in JS is incomplete

As the title says: the complete set of cookies is visible in the Cookies view of the Application panel in the browser developer tools.

However, some individual cookies cannot be obtained through document.cookie.
 

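var strcookie = document.cookie; // get the cookie string (HttpOnly cookies are never included)
var arrcookie = strcookie.split(";"); // split into individual "name=value" pairs
// iterate over the pairs and print each one
for (var i = 0; i < arrcookie.length; i++) {
    var pair = arrcookie[i].trim(); // pairs are separated by "; ", so drop the leading space
    var eq = pair.indexOf("="); // split on the first "=" only, since values may contain "="
    if (eq === -1) continue; // skip empty entries (for example when no cookie is readable)
    console.log(pair.slice(0, eq) + ":" + pair.slice(eq + 1));
}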

 

A Baidu search turned up the answer: https://m.imooc.com/wenda/detail/461583

The cookie content that cannot be read has most likely been set with HttpOnly.

That is, client-side script cannot read it; it can only be read and modified by the server.

The purpose of setting HttpOnly is to guard against XSS attacks by preventing JS from reading the cookie.

Apart from a browser extension (the browser provides an interface for that), there is essentially no way for client-side script to read it.
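To check which cookies a page script can and cannot see, the sketch below (an added example, not code from the original post) parses Set-Cookie headers and reproduces the string document.cookie would return. The header values are constructed sample data, the function names are made up for this example, and it assumes every cookie is already in scope for the page (Path, Domain and Secure matching are ignored).

```javascript
// Model which cookies a page script would see in document.cookie.
// Constructed sample Set-Cookie header values, not taken from a real site.
const SAMPLE_SET_COOKIE = [
  "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
  "theme=dark; Path=/",
  "csrf=tok=en==; Path=/; Secure",
  "uid=42; Path=/; httponly",
];

// Parse one Set-Cookie value into its name, value and the flags of interest.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim());
  const pair = parts.shift();
  const eq = pair.indexOf("="); // split on the first "=" only
  // Attribute names are case-insensitive, so compare them in lower case.
  const attrNames = parts
    .filter(Boolean)
    .map((p) => p.split("=")[0].trim().toLowerCase());
  return {
    name: eq < 0 ? "" : pair.slice(0, eq),
    value: pair.slice(eq + 1),
    httpOnly: attrNames.includes("httponly"),
    secure: attrNames.includes("secure"),
  };
}

// Separate what document.cookie exposes from what only DevTools
// (and the server) can see.
function auditCookies(headers) {
  const cookies = headers.map(parseSetCookie);
  const visible = cookies.filter((c) => !c.httpOnly);
  return {
    documentCookie: visible.map((c) => `${c.name}=${c.value}`).join("; "),
    hiddenFromScript: cookies.filter((c) => c.httpOnly).map((c) => c.name),
    readableByScript: visible.map((c) => c.name),
  };
}

const report = auditCookies(SAMPLE_SET_COOKIE);
console.log("document.cookie would return:", report.documentCookie);
console.log("HttpOnly, hidden from script:", report.hiddenFromScript.join(", "));
console.log("readable by any page script: ", report.readableByScript.join(", "));
```

Any session or authentication cookie that shows up under `readableByScript` is a candidate for adding the HttpOnly attribute on the server side.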


Origin blog.csdn.net/yyws2039725/article/details/108894678