Access of third-party extensions to my cookies

There are used cookies on my website. Recently I noticed some cases of scamming when a third-party extension steals user’s session cookies and sends it to scammers.
Is it possible to prohibit access of browser extensions to cookies of my website? With the help of any meta tag maybe?

Chrome extension sends empty cookies

I have some trouble working with cookies via chrome extension from popup script.

popup.js content:

document.addEventListener('DOMContentLoaded', () => {
    function cookieinfo() {
        chrome.cookies.getAll({url: 'http://localhost:8080'}, function(cookie) {
            console.log('Found cookie: ', cookie)
            if (cookie == null)

            fetch('http://localhost:8080', {credentials: 'include'}).then((response) => {
                // do some stuff
                return response;
}, false);

Steps that I perform:

  1. Log into my application on localhost (So I get the cookies)
  2. Open the popup (so popup.js is executed)
  3. I see in the console log that chrome found necessary cookies
  4. Server says that ingoing request has empty cookies
  5. I refresh page of localhost application
  6. I am logged out now

Maybe someone knows what I’m doing wrong?

Why do Chrome APIs not work in Firefox?

I am developing an extension for Firefox and chrome. I used this code to get cookies in chrome in ContentScript.

getCookies(domain, name, callback) {
                    chrome.cookies.get({"url": domain, "name": name}, function (cookie) {
                        if (callback) {
                            callback(cookie ? cookie.value : null);


I thought this will work in Firefox as well but this is not working there. I tried to use browser.cookies.get but its not working as well. Firefox gives me value if I run this in background script.

Can anybody tell me what is the actual issue here.

Cookies are deleted automatically in Chrome

I notice that certain cookies saved in my chrome browser are getting deleted automatically without any manual intervention. I have the some extensions installed in chrome. I want to know if anybody has faced the same issue. Do certain extension delete cookies on a regular basis? Any information would be helpful

Chrome extensions that can access/modify cookies while document.readyState is still in “loading”?

I built an extension that can intercept and append browser tab ID to all cookie names. By doing this, the real cookies stored into chrome will have the tab associated with the particular cookie.

This makes it so my test web application can have multiple tabs open within the same profile and each tab can have a separate session.

It all works very nicely, but not when the cookies are accessed from the dom “cookies” object when the document.readyState is in loading state.

It works just fine when cookies are set via the server, or when cookies are accessed after doucment.readyState = complete“.

I am trying to find any solution to make the extension able to intercept cookies that are accessed during document.readyState is in loading

Can it be done? Any insights on how one would accomplish this?

I can make changes to the Chromium C++ code to support this if that helps.

Disable other Chrome Extensions with our own extension

I’ve developed a chrome extension which provide Cookie sharing service of any website.
Now the problem is there are many other chrome extension which are able to copy cookies of any website named “EditCookie” etc.
I’m trying to block such extensions means my extension will only work if these editcookie or similar extensions are not install or not active, if someone activate such google chrome extension then my extension should provide them a warning that you cannot use this extension till you disable those extension.
I’ve ID’s of these type of extensions which i’ve to block.

Now i’m looking a way to do this as i’m able to detect these type of extension from my own google chrome extension code.
I know i can’t hide cookie of any websites as these are open in google chrome setting but i’m trying my best to detect right click & blocked inspect element opening but now i’m stuck in these third party extension which shows the cookie of any website in top corner of google chrome.

How to block such extension so, that users can't copy mine cookie.

This is not the 100% secure process but at least 10% users can be blocked if they’re stealing cookies from these extension.

Because i tried everything but unable to do this !

chrome.cookies.getAll returns an empty array

I’m working on a simple chrome extension that will delete all cookies from a domain with one click but for some reason, it’s not working. When I try to get all the cookies from the domain, it returns an empty array. What am I doing wrong?
Here’s the js script:

$("#fixTheCookiesButton").click(() => {
  // delete the cookies
  chrome.cookies.getAll({domain: ""}, (cookies) => {
    console.log("deleting " + cookies.length + " cookies")
    for(var i = 0; i < cookies.length; i++){
      console.log(i + " deleted")
        url: "" + cookies[i].path,
        name: cookies[i].name
    // some other stuff that isn't relevant here

and here's my manifest:

  "manifest_version": 2,
  "name": "FixYT",
  "version": "1.0",
  "description": "Fixes that YT cookie bug with one click",
  "browser_action": {
          "default_title": "FixYT",
          "default_popup": "popup.html"
  "permissions": [

I've tried looking around the internet but I can't find any solutions to this.

Handling multiple timers using cookies in javascript for chrome extension

I am making a chrome extension in which I need to record how much time user spends on a particular website, if it crosses certain specified time duration than user must be notified about that.

For this I am looking forward to use cookies to store duration of active tab(so that info stays even after closing browser) and expire cookies as soon as time allotted gets ‘0’. I know we can’t perform this with simply putting allotted time in expirationDate as timer for this will still be working while tab is not opened.

Can anyone please guide me how I can achieve this. I require different cookies for different websites and separately calculate the time duration of access of them.


               // Iterating through all inputted web addresses that
               // are to be monitored
                for(var j = 0; j < l ; j++){

                var x = addresses[j];

                        // Iterating through all tabs
                        chrome.tabs.query({}, function(tabs) { 
                            for(var i = 0; i < tabs.length; i++){

                                // Checking if some url is matched
                                if (tabs[i].url.includes(x)) {
                                        var t = times[j].toString();
                                        var H = 0;
                                        H = parseInt(t.substr(0, 2));
                                        var M = 0;
                                        M = parseInt(t.substr(3, 2));

                                        // Getting the allotted time      
                                        var time = H * 60 * 60 + M * 60;

                                       // Don't know what to do here
                                       // with cookies to associate 
                                       // each web address with the respective time



Chrome extension get all tab cookies

Trying to get all cookies from the page, using chrome extension.

For example the page os

Here is my code:

chrome.tabs.query({active: true, currentWindow: true}, function(tabs) {
    var domain = getDomain(tabs[0].url);

        domain: domain
    }, function(cookies) {


This code will return all cookies (8) for domain
But the problem is when I’m opening the browser console I see cookies not only for domain:

enter image description here

Same situation is on google and other sites. So I’m having multiple domain cookies on one page. How to get ALL cookies on the page?

Thank for your time.

How does LastPass chrome extension remember logged in user after being opened in incognito mode?

I logged in to LastPass chrome extension in the regular browsing mode. Then I opened a new incognito tab and the LastPass extension still knows who I am. How did they do that? I need that exact behaviour for my chrome extension.