Work with cookies in JavaScript


Сookie (web cookie or browser cookie) is a string of information that can be stored in a browser and sent to the server.

The maximum size for one cookie is 4096 bytes. The number of cookies for one domain can be from 20 to 242, depending on the browser.

Cookies are written as a string, but on a key-to-value basis.

document.cookie = "username=John Brown";

Cookies may contain parameters



To set access only on certain pages. The default is for the current page.


Sets the domain. In the absence of access to subdomains is not possible. By default is absent. That is, to access the same cookie on and, you need to set domain =;



expires=Sat, 29 Feb 2020 14:00:00 GMT;

Indicates the date by a string in GMT format. Can be obtained using Date.toUTCString(). The cookie expiration date after which the browser will delete it.


Alternative to expires. Indicated in seconds. If the max-age value is 0 or less, then the cookie is deleted. By default, neither expires nor max-age is set, and the cookie only lives until the browser closes.



The setting allows you to transfer cookies only over the https protocol.


SameSite=Strict; или SameSite=Lax;

Another security setting. From CSRF attack.

Parameters example

document.cookie = "username=John Brown; path=/;; max-age=3600";

Directly working with the string is not very convenient. Better to work with cookies using functions.

Get Cookie

function getCookie(name) {

    let matches = document.cookie.match(new RegExp(
      "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
    return matches ? decodeURIComponent(matches[1]) : undefined

Set Cookie

function setCookie(name, value, options = {}) {

  options = {
    path: '/',

  if (options.expires instanceof Date) {
    options.expires = options.expires.toUTCString();

  let updatedCookie = encodeURIComponent(name) + "=" + encodeURIComponent(value);

  for (let optionKey in options) {
    updatedCookie += "; " + optionKey;
    let optionValue = options[optionKey];
    if (optionValue !== true) {
      updatedCookie += "=" + optionValue;

  document.cookie = updatedCookie;

Delete Cookie

function deleteCookie(name) {
  setCookie(name, "", {
    'max-age': -1


blog comments powered by Disqus