View HttpOnly session cookies in Internet Explorer

OrangeDog picture OrangeDog · Aug 13, 2012 · Viewed 8.3k times · Source

Using Internet Options I can see all persistent cookies, and using Developer Tools I can see all JS-accessible session cookies. There does not seem to be a way to view HTTPOnly session cookies.

In Firefox there are many options, both built-in and with Firebug, to view cookies, including being able to see the request/response headers. Is there no way in IE8 to see HTTPOnly session cookies?

Related questions (no solutions for HttpOnly): IE7 IE8

Answer

Vrashabh Irde picture Vrashabh Irde · Aug 4, 2013

Check this out: http://blogs.msdn.com/b/jpsanders/archive/2009/06/04/understanding-the-new-wininet-flag-internet-cookie-httponly.aspx

There are a couple of new Cookie flags introduced with the Internet Explorer 8 WinInet.dll. The INTERNET_COOKIE_HTTPONLY flag allows you to read the HttpOnly cookies in your WinInet Code. This flag is documented here: http://msdn.microsoft.com/en-us/library/aa384714(VS.85).aspx.

and here's a way to build a tool and use this: http://www.codeproject.com/Articles/38616/Retrieve-HttpOnly-Session-Cookie-in-WebBrowser

Off the IE8 shelf not sure I see a way to retrieve HTTPOnlyCookies, since the dev tools seems to show only non HTTPOnly cookies. If you want to use a tool, use Fiddler2 and set response type to HTTPOnly.