Keeping the cookie after a cross-domain ajax request

Question

A javascript application running on 10.0.0.1 tries to authenticate it's users with cross-domain ajax calls.

The request looks like:

function test(again){
  $.ajax({
    type: 'GET',
    url: 'http://example.com/userinfo',
    dataType: 'json',
    success: function(userinfo){
      if(again)
        test(false);}});}
test(true);

The first response from the server tries to set a cookie:

Access-control-allow-origin:http://10.0.0.1
Set-Cookie:PHPSESSID=uuj599r4k1ohp48f1poobil665; expires=Sat, 28-Jan-2012 17:10:40 GMT; path=/

But the second request does not include this cookie, nor do any other ajax requests to that domain.

I am not trying to read the cookie for another domain, I just want the application on the other domain to be able to set and read its own cookie.

Is this possible?

I have tested in Chrome and Firefox 9.

Answer 1

server should set header:

response.Headers.Add("Access-Control-Allow-Credentials", "true");

client set to:

xhrFields: {
  withCredentials: true
}

Answer 2

As long as you are using a browser which supports CORS, cookies on the AJAX request should work. But you must set withCredentials on the XMLHttpRequest to true.

See: The withCredentials attribute

I don't use JQuery but here's a question that deals specifically with setting withCredentials via JQuery.

Sending credentials with cross-domain posts?