halukkaramete at gmail.com
Tue Feb 16 10:09:14 UTC 2016
On Tue, Feb 16, 2016 at 1:43 AM, Nikola Nikolov <nikolov.tmw at gmail.com>
> Well, I believe that there's a reason why some cookies are httpOnly and not
> A way around this would be to add some other flag within your DOM or
> otherwise JS-accessible that the current visitor is a logged-in user. Not
> sure if it's WordPress that does that, but with Twenty Fourteen, the body
> gets a class of "logged-in" so you can easily check that. Alternatively you
> can either hook to 'wp_head' or 'wp_footer' and render your own <script>
> tag with a variable in it, or you can use wp_localize_script() to again
> pass something from PHP to JS.
> The browser shows you the cookies, because it's the browser and it has
> control of everything(plus it has to take those cookies to the server with
> httpOnly cookies and I don't think anyone would build a browser that
> doesn't follow that specification.
> On Tue, 16 Feb 2016 at 06:24 Haluk Karamete <halukkaramete at gmail.com>
> > document.cookie does not report/contain the wordpress cookie starting
> > the prefix "wordpress_logged_in_" followed by a hash.
> > This is most likely, it is an httpOnly cookie.
> > But it surely shows up on the chrome->dev-console->resources->cookies
> > It would be there, it the user logged in, and if would not be there, if
> > user logged out, or that cookie has expired.
> > If document.cookie reported all the names of the cookie, this would not
> > have been an issue.
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers