cookie is sent to server even if it's generated by javascript?

[HopfZ]

Server sends cookie to browser and the browser send the same cookie
back to the server according to Wikipedia.
Do browsers send even javascript-generated cookie to servers?

For example, if I browse to a page on a server and if the content of
the page is the following:

<html>
<head><script>
alert(document.cookie);
var n = prompt('your new name');
document.cookie = 'name='+n+'; path=/; expires= Fri, 31-Dec-2010
23:59:59 GMT';
</script></head>
<body></body>
</html>

Will the browser send the generated cookie to server next time I visit
the page, even if it's not necessary to send the cookie to server in
this case?

 

[Roy A.]

HopfZ skrev:

Server sends cookie to browser and the browser send the same cookie
back to the server according to Wikipedia.
Do browsers send even javascript-generated cookie to servers?

For example, if I browse to a page on a server and if the content of
the page is the following:

<html>
<head><script>
alert(document.cookie);
var n = prompt('your new name');
document.cookie = 'name='+n+'; path=/; expires= Fri, 31-Dec-2010
23:59:59 GMT';
</script></head>
<body></body>
</html>

Will the browser send the generated cookie to server next time I visit
the page, even if it's not necessary to send the cookie to server in
this case?

Yes, it will send the cookie to the server next time you visit any page
on that server.

 

[Bart Van der Donck]

Server sends cookie to browser and the browser send the same cookie
back to the server according to Wikipedia.
Do browsers send even javascript-generated cookie to servers?

Yes, the cookie is always sent back, since "Cookie: " becomesa line in
the HTTP-header set if the browser finds out that the domain in
question holds cookie-data for it. But for javascript-cookies that
doesn't matter; they reside in the browser's own memory and are not
derived from the HTTP-headers (possibly the start value of
document.cookie might get its content from the HTTP-headers (?) but
certainly not afterwards).

For example, if I browse to a page on a server and if the content of
the page is the following:

<html>
<head><script>
alert(document.cookie);
var n = prompt('your new name');
document.cookie = 'name='+n+'; path=/; expires= Fri, 31-Dec-2010
23:59:59 GMT';
</script></head>
<body></body>
</html>

Will the browser send the generated cookie to server next time I visit
the page, even if it's not necessary to send the cookie to server in
this case?

Yes, always (supposed the browser is allowed to do so, obviously).

Actually the core mechanism of cookies is quite simple, server could
say:

Content-type: text/html
Set-Cookie: foo=bar; path=/; expires Mon, 09-Dec-2002 13:46:00 GMT

and when browser requests a page from the same domain, then it will do
something like

Content-type: text/html
Cookie: foo=bar

Now javascript cookies differ significantly from server-side cookies,
since javascript cookies can be edited dynamically/repeatedly from
within a web page. Traditional cookies (as the example transfer above)
can only belong to one single HTTP request.

But javascript has access to the internal memory of the browser, which
allows the browser to read and write cookiedata on-the-fly. It doesn't
have the limitations of HTTP because javascript is executed on the
client, and cookies reside at the client as well. So the browser can
directly read from and write to local (cookie-)files. Changes to
cookies from javascript take place immediately.

Hope this helps,