Photo of David Bowman


Change .ROCK cookie to NOT be httponly

I would like to use the API with javascript on a subdomain that is different from the Rock subdomain, but is the same domain.  For example, the .ROCK cookie that is set on is readable by the server in the request header on, but is not entered into the DOM to be readable by Javascript in the browser.    Is there an attribute/flag somewhere to turn off the httponly of the ID cookies or where is that cookie set so I could turn it off in the code. 

  • Photo of Scott Armstrong


    Did you ever find a solution to this issue? I am running into the same and I am looking for a way to fix it.