Could a cookie that was generated with JavaScript (not sent in the header by the server) be stolen / used by an attacker?

I am storing a cookie with JavaScript and I am getting values from the cookie using JavaScript.
I am passing the content of the cookie over HTTPS in the AJAX header.
I will not use the server session.

Is there a way an attacker could get into the contents of the cookie?

+2




1 answer


I think you are worried about the "Man in the Middle". This can happen if you are not using HTTPS with your browser cookie and/or you have mixed media where one of the insecure HTTP requests is sent with a cookie. Make sure it is encrypted with HTTPS and then it's pretty secure (but not impossible to break w/ enough processing power).



+1
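The answer's point about a cookie going out with an insecure HTTP request, as an added example that is not part of the original post: a script-set cookie marked `Secure` is only sent over HTTPS, and a small audit flags cookie strings that lack it. The function names and the `token` cookie are assumptions made for illustration.

```javascript
// Added example; serializeCookie, auditCookie and "token" are hypothetical names.

// Build a string for `document.cookie = ...` that the browser will only
// send over HTTPS (Secure) and not on cross-site requests (SameSite).
function serializeCookie(name, value, opts = {}) {
  const { maxAgeSeconds = 3600, path = "/", sameSite = "Strict" } = opts;
  // Cookie names must be RFC 6265 tokens (no spaces, ';', '=' and so on).
  if (!/^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(name)) {
    throw new Error("invalid cookie name");
  }
  return [
    `${name}=${encodeURIComponent(value)}`, // escape ';', ',' and spaces
    `Path=${path}`,
    `Max-Age=${maxAgeSeconds}`,
    `SameSite=${sameSite}`,
    "Secure",
  ].join("; ");
}

// Review a cookie string before it is assigned to document.cookie.
function auditCookie(cookieString) {
  const attrs = cookieString
    .split(";")
    .slice(1) // skip the name=value pair
    .map((a) => a.trim().split("=")[0].toLowerCase());
  const findings = [];
  if (!attrs.includes("secure")) {
    findings.push("missing Secure: cookie is also sent over plain HTTP");
  }
  if (!attrs.includes("samesite")) {
    findings.push("missing SameSite: cross-site sending is left to the browser default");
  }
  if (attrs.includes("httponly")) {
    findings.push("HttpOnly cannot be set from script: the browser ignores such a cookie");
  }
  return findings;
}

// Constructed sample values.
const good = serializeCookie("token", "a b;c");
console.log(good, auditCookie(good));
console.log(auditCookie("token=abc; Path=/"));
// In a page served over HTTPS: document.cookie = good;
```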








