XHR Response Cookies

Question

I am trying to submit a request that will return cookies in the response. With fiddler I can see the cookies are returned in the response headers, but XHR result getAllResponseHeaders does not include the Set-Cookie header. Is this intended, and how can I achieve this scenario?

Answer 1

This is by design--cookies are removed from the response headers.

The only workaround I've heard of is to do an xhr call within a web context iframe (<iframe src="ms-appx-web:///myframecontents.html">), extract the cookie there, and pass it to code in your local context via postMessage.

Answer 2

But I'm afraid this won't work if the cookie is HttpOnly which can't be extracted by JavaScript.

Does any one know whether there is a standard way of consuming stateful secure services?

Answer 3

The cookies should be managed by the underlying API logic.  Is there a specific example you have of this not working?  Is there a reason you need to manage these cookies manually?

-Jeff

---

Jeff Sanders (MSFT)

Answer 4

With the XHR model, do the cookies persist between app sessions?

Answer 5

Any confirmation regarding the persistence of cookies across app sessions/restarts?

Also, is there any way it can be extracted from the XHR call without being inside an iframe?