I asked a very similar question yesterday, but I've made some further research and the title for yesterday's question isn't quite accurate.
I have an ASP.NET/C# app. In my server-side code, I'm setting a couple cookies: MyLogin and MySession. In my C# code I'm adding add these code to the Response.Cookies. I see them come back in the response in fiddler.
My server-side code is being called via JavaScript like so:
document.location.href = myURL;
debugger;
In fiddler I see the MyLogin cookie has an expiration set to a month from today. MySession doesn't have an expiration.
I'm using the IE developer tools to step through my JavaScript code above. While I'm stopped at the debugger line above I run the following test page that I created in the same directory as my .aspx page:
<html>
<head>
<script>
var myCookies = "<h1>Cookies</h1><br/>";
myCookies += document.cookie;
//alert(myCookies);
document.write(myCookies);
</script>
</head>
<body>
</body>
</html>
I see the cookies that I sent up with document.location.href = myURL, but not the cookies sent back in the response. I'd expect the cookies that were set on each http request/reponse would keep getting sent up to the browser with every request, until they expired.
I'm definitely not seeing the MySession and MyLogin cookies getting passed up with a web service call that's being called from JavaScript in the load for myURL.
Yesterday it was suggested that the cookies might be httponly, but the http property on both the MyLogin and MySession cookies is false in my C# code. Is there a way to view this property in Fiddler?
-Eric
