locked
XHR Response Cookies

    Question

  • I am trying to submit a request that will return cookies in the response. With fiddler I can see the cookies are returned in the response headers, but XHR result getAllResponseHeaders does not include the Set-Cookie header. Is this intended, and how can I achieve this scenario?
    Friday, April 27, 2012 1:53 PM

Answers

  • This is by design--cookies are removed from the response headers.

    The only workaround I've heard of is to do an xhr call within a web context iframe (<iframe src="ms-appx-web:///myframecontents.html">), extract the cookie there, and pass it to code in your local context via postMessage.

    Friday, April 27, 2012 3:51 PM

All replies

  • This is by design--cookies are removed from the response headers.

    The only workaround I've heard of is to do an xhr call within a web context iframe (<iframe src="ms-appx-web:///myframecontents.html">), extract the cookie there, and pass it to code in your local context via postMessage.

    Friday, April 27, 2012 3:51 PM
  • But I'm afraid this won't work if the cookie is HttpOnly which can't be extracted by JavaScript.

    Does any one know whether there is a standard way of consuming stateful secure services?

    Saturday, May 19, 2012 9:23 AM
  • The cookies should be managed by the underlying API logic.  Is there a specific example you have of this not working?  Is there a reason you need to manage these cookies manually?

    -Jeff


    Jeff Sanders (MSFT)

    Monday, May 21, 2012 1:01 PM
    Moderator
  • With the XHR model, do the cookies persist between app sessions?
    Tuesday, May 22, 2012 5:26 PM
  • Any confirmation regarding the persistence of cookies across app sessions/restarts?

    Also, is there any way it can be extracted from the XHR call without being inside an iframe?

    Wednesday, November 7, 2012 4:07 AM