Yes. Enter [`document.cookie`][1] in the console, and you&#39;ll see that none of the checked cookies are visible.

![Name Value Domain Path Expires Size HTTP Secure][2]

HTTP = HttpOnly flag, Secure = secure flag.


  [1]: https://developer.mozilla.org/en/DOM/document.cookie
  [2]: http://i.stack.imgur.com/fJFlE.png

Yes. Right click on your page or press `F12` button. This will open developers tools window. Go to application tab. It&#39;ll show as follow :-

[![enter image description here][1]][1]


Now, typing document.cookie on the tab, you&#39;ll see only csrf token being shown.[![enter image description here][2]][2]


  [1]: https://i.stack.imgur.com/pfLjD.png
  [2]: https://i.stack.imgur.com/2sHP5.png

To specify session cookies to be httpCookie by default, set `&#39;useHttpOnly&#39;` attribute in context.xml in tomcat, for java web application. For more information, refer to http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Common_Attributes

So 2 things . 

1) `HTTP only cookie` this name is a bit misleading as we can send HTTPOnly cookie over HTTPS and it works perfectly fine. Main characteristics of `HTTP Only` cookie is it can&#39;t be accessed using JavaScript . In-fact You can&#39;t even manually edit this in Chrome&#39;s `Application` tab.

2) So how you can edit HTTP Only cookie ? In chrome You can use [extension to edit][1] cookie while development . In production mode there is no way you can adultrate this without `man in the middle` attack on HTTP connection.


  [1]: https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en

Today (May 2016), googling around for the same reason, I found this question and [this page from developers.google.com](https://developers.google.com/web/tools/chrome-devtools/iterate/manage-data/cookies#learn-about-each-cookie) explaining:

&gt; HTTP: If present, indicates that cookies should be used only over HTTP, and JavaScript modification is not allowed.


We&#39;re using `Postgresql 9.1.4` as our db server.  I&#39;ve been trying to speed up my test suite so I&#39;ve stared profiling the db a bit to see exactly what&#39;s going on.  We are using [database_cleaner](https://github.com/bmabey/database_cleaner) to truncate tables at the end of tests.  YES I know transactions are faster, I can&#39;t use them in certain circumstances so I&#39;m not concerned with that.

What I AM concerned with, is why TRUNCATION takes so long (longer than using DELETE) and why it takes EVEN LONGER on my CI server.

Right now, locally (on a Macbook Air) a full test suite takes 28 minutes.  Tailing the logs, each time we truncate tables... ie:

    TRUNCATE TABLE table1, table2  -- ... etc

it takes over 1 second to perform the truncation.  Tailing the logs on our CI server (Ubuntu 10.04 LTS), take takes a full 8 seconds to truncate the tables and a build takes 84 minutes.

When I switched over to the `:deletion` strategy, my local build took 20 minutes and the CI server went down to 44 minutes.  This is a *significant* difference and I&#39;m really blown away as to why this might be.  I&#39;ve [tuned](http://thebuild.com/presentations/not-your-job.pdf) [the](http://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server) DB on the CI server, it has 16gb system ram, 4gb shared_buffers... and an SSD.  All the good stuff.  How is it possible:

**a.** that it&#39;s SO much slower than my Macbook Air with 2gb of ram  
**b.** that TRUNCATION is so much slower than DELETE when the [postgresql docs][1] [state explicitly][2] that it should be much faster.

Any thoughts?


  [1]: http://www.postgresql.org/docs/9.1/static/sql-truncate.html
  [2]: http://www.postgresql.org/docs/9.1/static/sql-truncate.html#AEN75996

Postgresql Truncation speed

I wonder whether copying a vector&lt;int&gt; I am copying the vector with its values (whereas this is not working with array, and deep copy need a loop or memcpy).

Could you hint to an explanation?

Regards 

std vector C++ -- deep or shallow copy

Does the checkmark at the Http column of Chrome devtool&#39;s Cookie resource panel indicate a HttpOnly cookie?

I can&#39;t find docs that confirm this, though I suspect it is the case. I am trying to verify my app is using HttpOnly for session cookies.

Chrome developer tools &gt; resources &gt; cookies &gt; http column, does a checkmark here indicate HttpOnly cookie?

<p>Does the checkmark at the Http column of Chrome devtool's Cookie resource panel indicate a HttpOnly cookie?</p>
<p>I can't find docs that confirm this, though I suspect it is the case. I am trying to verify my app is using HttpOnly for session cookies.</p>


JavaScript developers who have spent time in languages like C often miss the ability to use certain types of introspection, like logging line numbers, and what method the current method was invoked from. Well if you&#39;re using V8 (Chrome, Node.js) you can employ the following.

Accessing line number in V8 JavaScript (Chrome &amp; Node.js)

I&#39;m using this code:

    profile = webdriver.FirefoxProfile()
    profile.set_preference(&quot;network.proxy.type&quot;, 1)
    profile.set_preference(&quot;network.proxy.http&quot;, &quot;proxy.server.address&quot;)
    profile.set_preference(&quot;network.proxy.http_port&quot;, &quot;port_number&quot;)
    profile.update_preferences()
    driver = webdriver.Firefox(firefox_profile=profile)

to set proxy for FF in python webdriver. This works for FF. How to set proxy like this in Chrome? I found this [exmaple][1] but is not very helpful. When I run the script nothing happens (Chrome browser is not started). 


  [1]: http://seleniumhq.org/docs/04_webdriver_advanced.html#using-a-proxy

How do I set proxy for chrome in python webdriver?

I&#39;m using google webfonts and they fine at super large font sizes, but at 18px, they look awful. I&#39;ve read here and there that there are solutions for font smoothing, but I haven&#39;t found any where that explains it clearly and the few snippets I have found don&#39;t work at all.

My `h4` looks awful in pretty much every browser, but Chrome is the worst. In Chrome, pretty much all of my fonts look terrible.

Can anyone point me in the right direction? Perhaps you know of a resource that explains this clearly? Thanks!

### EXAMPLE SCREENSHOT #1
This screenshot shows the homepage of https://www.dartlang.org/, a programming language that is made by Google (so we can imply that this website is also build by Google) and uses Google Webfonts.

*Screenshot shows Google Chrome on the left, Firefox/Internet Explorer on the right.:*

![google chrome on the left, firefox/internet explorer on the right][1]


### EXAMPLE SCREENSHOT #2
This screenshot shows a product info page on Adobe.com, using webfonts provided by Typekit. Adobe &amp; Typekit are professionals when it comes to fonts.

*Screenshot shows Google Chrome on the right, Firefox/Internet Explorer on the left:*

![google chrome on the left, firefox/internet explorer on the right][2]


  [1]: http://i.stack.imgur.com/k2oyA.png
  [2]: http://i.stack.imgur.com/Dij2C.png

Is there any &quot;font smoothing&quot; in Google Chrome?

Firebug for Firefox has a nice feature, called &quot;Break on property change&quot;, where I can mark any property of any object, and it will stop JavaScript execution right before the change.

I&#39;m trying to achieve the same in Google Chrome, and I can&#39;t find the function in Chrome debugger. How do I do this in Google Chrome?

Breakpoint on property change

For iOS google chrome, when a user hits the &quot;Request desktop site&quot; button what does the browser do to try to bring up a desktop site? I imagine some sort of header on the request that sites are looking for, or something similar?

How does Chrome&#39;s &quot;Request Desktop Site&quot; option work?

I am trying to figure out what &quot;signed cookies&quot; actually are.
There isn&#39;t much on the net, and if I try this:

    app.use(express.cookieParser(&#39;A secret&#39;));

But still... Cookies are still 100% normal on the browser, and I don&#39;t really know what &quot;signed&quot; is here (I was sort of hoping to &quot;see&quot; some weirdness on the client, something like the data encrypted using &quot;A secret&quot; as salt?)

The documentation says (https://github.com/expressjs/cookie-parser):

&gt;    Parse _Cookie_ header and populate `req.cookies`
&gt;    with an object keyed by the cookie names. Optionally
&gt;    you may enabled signed cookie support by passing
&gt;    a `secret` string, which assigns `req.secret` so
&gt;    it may be used by other middleware.


Does anybody know?

Merc.

What are &quot;signed&quot; cookies in connect/expressjs?

I&#39;m trying to set cookies with Go&#39;s net/http package. I have:

    package main

    import &quot;io&quot;
    import &quot;net/http&quot;
    import &quot;time&quot;

    func indexHandler(w http.ResponseWriter, req *http.Request) {
        expire := time.Now().AddDate(0, 0, 1)
        cookie := http.Cookie{&quot;test&quot;, &quot;tcookie&quot;, &quot;/&quot;, &quot;www.domain.com&quot;, expire, expire.Format(time.UnixDate), 86400, true, true, &quot;test=tcookie&quot;, []string{&quot;test=tcookie&quot;}}
        req.AddCookie(&amp;cookie)
        io.WriteString(w, &quot;Hello world!&quot;)
    }

    func main() {
        http.HandleFunc(&quot;/&quot;, indexHandler)
        http.ListenAndServe(&quot;:80&quot;, nil)
    }

I tried googling &#39;Golang&#39; with &#39;cookies&#39;, but didn&#39;t get any good results. If anyone can point me in the right direction it would be greatly appreciated.

Setting cookies with net/http

I would like to know what is a `host only` cookie. 

While retrieving a `form auth`, browser gets in the headers a JSESSIONID cookie shown as `host only`.

What is a host only cookie?

I have 2 pages: `xyz.com/a` and `xyz.com/b`. I can only access `xyz.com/b` if and only if I login to `xyz.com/a` first. If accessing `xyz.com/b` without going through the other, I simply get access denied (no redirect to login) via the browser. Once I login at `xyz.com/a`, I can access the other.

My problem is doing this using the curl command. I can login successfully to `xyz.com/a` using curl, but then try `xyx.com/b` and I get access denied.

I use the following:

    curl --user user:pass https://xyz.com/a  #works ok
    curl https://xyz.com/b #doesn&#39;t work

I&#39;ve tried using the second line with &amp; without the user/password part and still doesn&#39;t work. Both pages uses the same CA, so that&#39;s not a problem. Any suggestions? Thanks

CURL to access a page that requires a login from a different page

Today I had skype interview for a job as PHP developer, one of the questions asked was about Cookies and PHP Sessions.

The question was, can PHP session be set and read, used, if Cookies are disabled in users Browser?

I told them not, beacuse PHP Sessions by default depends on setting a session cookie. When PHP session starts, new session Cookie is set with default name PHPSESSID, and that cookie holds value of that session id, for example: ftu63d8al491s5gatuobj39gk7
Then on apache server in tmp folder file sess_ftu63d8al491s5gatuobj39gk7 is created and it holds content of that session, for example: test1|s:12:&quot;SessionTest1&quot;;test2|s:12:&quot;SessionTest2&quot;;

They told me that&#39;s not true, and that you can use PHP Sessions even if user disables cookies in his browser. 

Then I told them that you can do that, but then session id would be passed through URL as GET variable. And that&#39;s not secure and you must set it up in php.ini.

They were talking how you can use PHP Sessions even if Cookies are disabled in browser. And what if we are building web shop, and some granny uses our web shop and disables cookies and she joust don&#39;t care. And that PHP Sessions are great because you can use them even if user disables Cookies. I was like wtf, wtf wtf?!?!

I made test with two files, index.php starts session and sets session variables. And then session.php tries to read that session variables.

This is how it looks:

index.php

    &lt;p&gt;This is where I start and set php sessions.&lt;/p&gt;
    
    &lt;?php
    
    	session_start();
    	$_SESSION[&#39;test1&#39;] = &quot;SessionTest1&quot;;
    	$_SESSION[&#39;test2&#39;] = &quot;SessionTest2&quot;;
    
    ?&gt;
    
    &lt;p&gt;This is a link, that starts new HTTP Request, and tries to read session set on this page:&lt;/p&gt;
    &lt;p&gt;&lt;a href=&quot;session.php&quot;&gt;Read Session&lt;/a&gt;&lt;/p&gt;

session.php

    &lt;?php
    	
    	session_start();
    	var_export($_SESSION);
    
    ?&gt;
    
    &lt;p&gt;&lt;a href=&quot;index.php&quot;&gt;Back&lt;/a&gt;&lt;/p&gt;

Now, if you enable cookies in your browser, visit index.php, and the visit session.php , session would be printed out.

But, if you clear your browser history and cookies, and then visit index.php, and then visit session.php, you would see empty array right?

So basically my question is, am I right?
Can you use PHP sessions if you disable cookies in your browser?
And do PHP Session mechanism by default, depends on setting a session COOKIE?

Update:
I was going mad about this, so I called back the guy I was talking with. And asked him, can PHP session work without cookies by default? The guy said &quot;yes&quot;. Then I told him he is wrong and he said: &quot;yes, yes, if you say so...&quot; and start laughing. Then I told him, ok if PHP session can work without setting cookie, how would server know current user/browser session id, if its not stored in a session cookie? (I wanted to see if he knows that session id can be passed as GET variable) And he was quiet for at least 20s, and told me that he is a System Administrator, and that I should ask that the Developer guy. And that he is 43 years old and has huge experience of 13 years in the bussines (he started with 30? wtf?), but he trusts me on this one. And I explained him how Session work and that you can use it without Cookie but then session id is passed as GET variable, and told him I told them that on interview, but they ware telling me no, no no... :S 

So basically, the guy didn&#39;t have a clue about PHP and PHP Sessions, and yes he was the one that asked me about sessions telling me that PHP Session can work without cookie, even when I told him it cant be done, and that there is a way to use PHP Sessions without cookies but it won&#39;t work by default. He was like, no no no...
At the end he told me that he was thinking that sessions can work without cookies because he, as System Admin on his servers, can never see sessions in tmp folder?!?!?

Anyway, those guys suck at PHP, there is no way I will accept job offer from them, and after all this I dont think they will offer me a job anyway...

Thanks for all the comments!

PHP Sessions with disabled cookies, does it work?

I want to send message from the console of the random web page to my chrome extension.
chrome.extension.sendMessage doesn&#39;t seem to work.

sending message to chrome extension from a web page

I was working with the developer tools of google chrome on a page without jQuery (or any other library that uses the `$` sign as a shortcut).
When I inspected `$` by the console (by just typing it in and hitting enter), i got this:

    $
    function () { [native code] }


So, chrome has some native function that can be referenced by `$`. Only chrome seems to have this one and i cannot access it via `window[&#39;$&#39;]` nor via `document[&#39;$&#39;]` or `this[&#39;$&#39;]`.

I was not able to find out what this function is. Do you know what it does and maybe have some background information on this?
Thanks in advance!

$ Variable (Dollar Sign) in Chrome?

In the Chrome developer panel, this tool...

![enter image description here][1]

lets you select elements and go directly to them in the DOM view, and see their CSS attributes.

Safari has the same tool.

Is there a keyboard shortcut to activate that tool (once you have the panel open)?


  [1]: http://i.stack.imgur.com/wUTvM.jpg

In the Chrome developer panel, is there a keyboard shortcut for the element selector?

It seems like it should be possible to view the `localStorage`/`chrome.storage` of Chrome Extensions installed on my browser. I&#39;ve played around with the Developer Tools a bit, but haven&#39;t found a way to do this. Any ideas?

How do I view the storage of a Chrome Extension I&#39;ve installed?

I have HTML5 application which opens in a new window by clicking a link. I&#39;m a bit tired of pressing **Shift + I** each time I want to logging network communication to launch **Developer tools** because I need it always. I was not able to find an option to keep Developer Tools always enabled on startup.

Is there any way to open **Developer tools** automatically when new window is opened in Chrome?

Content Type	Original Author	Original Content on Stackoverflow
Question	user854894	View Question on Stackoverflow
Solution 1 - Google Chrome	Rob W	View Answer on Stackoverflow
Solution 2 - Google Chrome	Mangu Singh Rajpurohit	View Answer on Stackoverflow
Solution 3 - Google Chrome	sapy	View Answer on Stackoverflow
Solution 4 - Google Chrome	MattAllegro	View Answer on Stackoverflow

Chrome developer tools > resources > cookies > http column, does a checkmark here indicate HttpOnly cookie?

Google Chrome Problem Overview

Google Chrome Solutions

Solution 1 - Google Chrome

Solution 2 - Google Chrome

Solution 3 - Google Chrome

Solution 4 - Google Chrome

std vector C++ -- deep or shallow copy

Postgresql Truncation speed

Attributions