Get and set cookies, and be notified when they change.
To use this API, you need to have the "cookies" API permission as well as host permissions for the sites whose cookies you need to access. See cookie Permissions.
Types
cookies.Cookie
- Represents information about an HTTP cookie.
cookies.CookieStore
- Represents a cookie store in the browser. An incognito mode window, for instance, uses a separate cookie store from a non-incognito window.
cookies.OnChangedCause
- The underlying reason behind the cookie's change. It may be one of:
-
"explicit"
- A cookie was inserted or removed explicitly via a
Set-Cookie
header, or an API call such ascookies.set
orcookies.remove
. "expired"
- A cookie was removed automatically, due to expiry.
"expired_overwrite"
- A cookie was removed because it was overwritten by a cookie with a cookie with an expiration date in the past.
"evicted"
- A cookie was automatically removed due to storage quotas.
"overwrite"
- A cookie was automatically removed because it was overwritten by a new cookie with the same parameters.
Functions
cookies.get()
- Retrieves information about a single cookie. If more than one cookie of the same name exists for the given URL, the one with the longest path will be returned. For cookies with the same path length, the cookie with the earliest creation time will be returned.
cookies.getAll()
- Retrieves all cookies from a single cookie store that match the given information. The cookies returned will be sorted, with those with the longest path first. If multiple cookies have the same path length, those with the earliest creation time will be first.
cookies.set()
- Sets a cookie with the given cookie data; may overwrite equivalent cookies if they exist.
cookies.remove()
- Deletes a cookie by name.
cookies.getAllCookieStores()
- Lists all existing cookie stores.
Events
cookies.onChanged
- Fired when a cookie is set or removed. As a special case, note that updating a cookie's properties is implemented as a two step process: the cookie to be updated is first removed entirely, generating a notification with
"cause"
of"overwrite"
. Afterwards, a new cookie is written with the updated values, generating a second notification with a"cause"
of"explicit"
.
Permissions
In order to use this API, an add-on must specify the "cookies" API permission in its manifest, along with host permissions for any sites for which it wishes to access cookies. The add-on may read or write any cookies which could be read or written by a URL matching the host permissions. For example:
http://*.example.com/
-
An add-on with this host permission may:
- Read a non-secure cookie for
www.example.com
, with any path. - Write a secure or non-secure cookie for
www.example.com
with any path.
It may not:
- Read a secure cookie for
www.example.com
.
- Read a non-secure cookie for
http://www.example.com/
-
An add-on with this host permission may:
- Read a non-secure cookie for
www.example.com
, with any path. - Read a non-secure cookie for
.example.com
, with any path. - Write a secure or non-secure cookie for
www.example.com
with any path. - Write a secure or non-secure cookie for
.example.com
with any path.
It may not:
- Read or write a cookie for
foo.example.com
. - Read or write a cookie for
foo.www.example.com
.
- Read a non-secure cookie for
*://*.example.com/
-
An add-on with this host permission may:
- Read or write a secure or non-secure cookie for
www.example.com
with any path.
- Read or write a secure or non-secure cookie for
Browser compatibility
Edge | Firefox | Chrome | Opera | |
---|---|---|---|---|
Cookie | ? | 45.0 | Yes | 33 |
CookieStore | ? | 45.0 | Yes | 33 |
OnChangedCause | ? | 45.0 | Yes | 33 |
get | ? | 45.0 | Yes | 33 |
getAll | ? | 45.0 | Yes | 33 |
getAllCookieStores | ? | 45.0 | Yes | 33 |
onChanged | ? | 45.0 | Yes | 33 |
remove | ? | 45.0 | Yes | 33 |
set | ? | 45.0 | Yes | 33 |
Firefox | |
---|---|
Cookie | 48.0 |
CookieStore | 48.0 |
OnChangedCause | 48.0 |
get | 48.0 |
getAll | 48.0 |
getAllCookieStores | 48.0 |
onChanged | 48.0 |
remove | 48.0 |
set | 48.0 |
The "Chrome incompatibilities" section is included from https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Chrome_incompatibilities using the WebExtChromeCompat macro.
If you need to update this content, edit https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Chrome_incompatibilities, then shift-refresh this page to see your changes.
Chrome incompatibilities
- In Firefox:
onChanged
events might be subtly differentgetAllCookieStores
always just returns one default store and no tabs- accessing cookies from private tabs is impossible
This API is based on Chromium's chrome.cookies
API. This documentation is derived from cookies.json
in the Chromium code.
// Copyright 2015 The Chromium Authors. All rights reserved. // // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions are // met: // // * Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // * Redistributions in binary form must reproduce the above // copyright notice, this list of conditions and the following disclaimer // in the documentation and/or other materials provided with the // distribution. // * Neither the name of Google Inc. nor the names of its // contributors may be used to endorse or promote products derived from // this software without specific prior written permission. // // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.