Answered by:
XHR Response Cookies

Question
-
I am trying to submit a request that will return cookies in the response. With fiddler I can see the cookies are returned in the response headers, but XHR result getAllResponseHeaders does not include the Set-Cookie header. Is this intended, and how can I achieve this scenario?
- Changed type Jeff SandersMicrosoft employee, Moderator Friday, April 27, 2012 2:25 PM
Friday, April 27, 2012 1:53 PM
Answers
-
This is by design--cookies are removed from the response headers.
The only workaround I've heard of is to do an xhr call within a web context iframe (<iframe src="ms-appx-web:///myframecontents.html">), extract the cookie there, and pass it to code in your local context via postMessage.
- Proposed as answer by Jeff SandersMicrosoft employee, Moderator Friday, April 27, 2012 4:26 PM
- Marked as answer by Yasser Makram_ Friday, April 27, 2012 6:15 PM
Friday, April 27, 2012 3:51 PM
All replies
-
This is by design--cookies are removed from the response headers.
The only workaround I've heard of is to do an xhr call within a web context iframe (<iframe src="ms-appx-web:///myframecontents.html">), extract the cookie there, and pass it to code in your local context via postMessage.
- Proposed as answer by Jeff SandersMicrosoft employee, Moderator Friday, April 27, 2012 4:26 PM
- Marked as answer by Yasser Makram_ Friday, April 27, 2012 6:15 PM
Friday, April 27, 2012 3:51 PM -
But I'm afraid this won't work if the cookie is HttpOnly which can't be extracted by JavaScript.
Does any one know whether there is a standard way of consuming stateful secure services?
Saturday, May 19, 2012 9:23 AM -
The cookies should be managed by the underlying API logic. Is there a specific example you have of this not working? Is there a reason you need to manage these cookies manually?
-Jeff
Jeff Sanders (MSFT)
Monday, May 21, 2012 1:01 PMModerator -
With the XHR model, do the cookies persist between app sessions?Tuesday, May 22, 2012 5:26 PM
-
Any confirmation regarding the persistence of cookies across app sessions/restarts?
Also, is there any way it can be extracted from the XHR call without being inside an iframe?
Wednesday, November 7, 2012 4:07 AM