Tags: javascript, google-chrome, cookies, browser-extension, brave-browser

Can a browser extension read a website's cookie?


I am creating cookies like below. I know that website A can't read a cookie from website B, but I was wondering if a plugin could do so? I have a browser extension/plugin which has a minimalist interface and provides login capabilities, but it has a "go to dashboard" link and I don't want to make the user log in again. Then they would have to log out again. If this is not possible, what other options do I have?

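// Create a cookie for the current site; `days` is optional (omit it for a session cookie).
function create_cookie(name, value, days) {
    var expires;

    if (days) {
        var date = new Date();
        date.setTime(date.getTime() + (days * 24 * 60 * 60 * 1000));
        // toUTCString() replaces the deprecated toGMTString()
        expires = "; expires=" + date.toUTCString();
    } else {
        expires = "";
    }
    // Name and value are stored URI-encoded, so readers must decode them.
    document.cookie = encodeURIComponent(name) + "=" + encodeURIComponent(value) + expires + "; path=/";
}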

Solution

  • Usually yes, but it depends on the browser. In any case, you must always ask the user for permissions, in a way that is specific to the browser.

    For example, going by your tags, a Chrome extension can access the cookies of a given set of origins through chrome.cookies (Developer Chrome). You must request access to the cookies, and the relevant origins, in the extension's manifest in order to have that property actually set and available for certain sites. If you don't ask for permissions, Chrome leaves that property undefined.

    With chrome.cookies you have free access to the cookies that are set, both read and write, and you can also get in-extension notifications when a cookie changes, through the JS event system.

    Note that, per Chrome policy, when a user installs the extension they will be notified about which sites you are asking for cookies on, together with all the permissions you asked for in the manifest.

    It is also good practice, and I think there is usually also a legal obligation depending on your country, to keep your users informed that you are actually storing/using their cookies on certain sites, and what you are going to do with them.

    If you intend to use cookies just to store information, and not for some kind of site cookie manipulation, browsers (like Chrome) usually expose their localStorage/sessionStorage, or a specific extension storage also based on the file system (like chrome.storage (Developer Chrome)), that allows you to store information between user sessions. This kind of storage is preferable because it is less invasive of the user's privacy.
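The chrome.cookies read and change-notification flow described in the answer, as an added example that is not part of the original post or the asker's extension. It assumes Manifest V3 (where chrome.cookies.get returns a promise); the origin dashboard.example.com, the cookie name "session", and the function names readSiteCookie and watchSiteCookie are placeholders chosen for illustration.

```javascript
// Added example, not from the original post. Assumed manifest.json (Manifest V3):
//   "permissions": ["cookies"],
//   "host_permissions": ["https://dashboard.example.com/*"]
// chrome.cookies needs both the "cookies" permission and host access to the site.
const SITE_URL = "https://dashboard.example.com/"; // placeholder origin
const COOKIE_NAME = "session";                     // placeholder cookie name

// create_cookie() in the question stores encodeURIComponent(name) and
// encodeURIComponent(value), so look up the encoded name and decode the value.
async function readSiteCookie(cookiesApi, url, name) {
  const cookie = await cookiesApi.get({ url, name: encodeURIComponent(name) });
  return cookie ? decodeURIComponent(cookie.value) : null;
}

// Calls onState(value) when the cookie is set and onState(null) when it is
// removed or expires, so the extension UI can follow the site's login state
// and does not need to keep its own copy of the session value.
function watchSiteCookie(cookiesApi, url, name, onState) {
  const host = new URL(url).hostname;
  const encodedName = encodeURIComponent(name);
  cookiesApi.onChanged.addListener(({ removed, cause, cookie }) => {
    // cookie.domain carries a leading dot for domain-wide cookies.
    const domain = cookie.domain.replace(/^\./, "");
    const hostMatches = host === domain || host.endsWith("." + domain);
    if (cookie.name !== encodedName || !hostMatches) return;
    // An update fires "removed (overwrite)" then "added"; skip the first half.
    if (removed && cause === "overwrite") return;
    onState(removed ? null : decodeURIComponent(cookie.value));
  });
}

// Runs only inside an extension that was granted the permissions above.
if (typeof chrome !== "undefined" && chrome.cookies) {
  readSiteCookie(chrome.cookies, SITE_URL, COOKIE_NAME)
    .then((value) => console.log(value ? "logged in" : "logged out"));
  watchSiteCookie(chrome.cookies, SITE_URL, COOKIE_NAME,
    (value) => console.log(value ? "cookie set" : "cookie removed"));
}
```

Listing a single origin under host_permissions, rather than a wildcard for all sites, keeps the install-time permission prompt and the extension's cookie access limited to the dashboard.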