javascript - Can cookies be read by third parties?

Question

So I want to pass a random number generated by the js script I wrote, the information has to be hidden until passed to my php script, after that it can be displayed publicly, is it possible for someone to see the information the cookie is holding? If it is possible is there a way to pass information from js to php without anyone being able to see it? Edit- I might've done it wrong but I basically want to make a roulette with hashing and such, I have the hashing done on php and I'd like to animate the roulette using js, animating the roulette using js requires the number that the hashing process makes(I generate a random string and then hash it and use hexdec(substr($hash, 0, 8)) % 15; on it to make a number from it), I'm scared that someone will find out the hash before it reaches js and is animated, because after animation the hash is useless

question from:https://stackoverflow.com/questions/65920987/can-cookies-be-read-by-third-parties

Answer 1

A very complex question. There are several ways in which information can be obtained. First, the browser itself has access to what it holds. We have no way of preventing this information from existing in the browser.

If your site is exposed to xss then you can run scripts on it. As a result, you will be able to access the information you have saved at the javascript level, cookies and everything around.

There is another attack that could be in the communication between the site and the "man in the middle" server. HTTPS communication can help you defend against attack.

Are there other ways? Probably so, it might be easier to help if we understand the exact challenge you are facing