Can a user read my session cookies?

No.

book reader icon
1 Minute
facebook logo gray
linkedin logo gray
mail logo gray
Can a user read my session cookies?

JavaScript Warning

When you create a landing page you can also use JavaScript code. When you have a free account the landing page will have an URL like this http://free.qrplanet.com/your-landing-page. When another user creates a landing page with JavaScript code and you call his URL e.g. http://free.qrplanet.com/another-landing-page when you are logged in a warning will be displayed to protect your account from cookies being stolen.

Sensitive cookies like session cookies are protected with HttpOnly. An HttpOnly Cookie prevents client-side scripts from accessing data.

Content Security Policy (CSP)

Another layer of protection is the Content Security Policy (CSP) which prevents scripts being loaded or data sent to third party servers which are not white listed.

Last update 3 months ago