jquery - Is it possible to get the Set-Cookie value from an HTTP response header in JavaScript? - Stack Overflow

admin管理员组

文章数量:1391925

I'm using jQuery's ajax() method to make some asynchronous server calls and want to catch the case where a call fails because the session has timed out.

From looking at the response headers in this case, I see that they include

Set-Cookie: SMSESSION=LOGGEDOFF

which seems like a pretty reliable test. But calling getAllResponseHeaders on the XMLHttpRequest object passed to jQuery's error callback apparently returns an empty string, and I'm having trouble figuring out any other way of getting that header information.

Is this possible?

I'm using jQuery's ajax() method to make some asynchronous server calls and want to catch the case where a call fails because the session has timed out.

From looking at the response headers in this case, I see that they include

Set-Cookie: SMSESSION=LOGGEDOFF

which seems like a pretty reliable test. But calling getAllResponseHeaders on the XMLHttpRequest object passed to jQuery's error callback apparently returns an empty string, and I'm having trouble figuring out any other way of getting that header information.

Is this possible?

• javascript
• jquery
• ajax
• http-headers
• xmlhttprequest

Share Improve this question Follow asked Aug 25, 2011 at 21:30 Dan TaoDan Tao 129k5757 gold badges308308 silver badges450450 bronze badges 9

• 1 stackoverflow./questions/220231/… – quantumSoup Commented Aug 25, 2011 at 21:31
• @quantumSoup: OK then, looks like it's a duplicate, so I will close this one... just to clarify, though, is the correct answer that you can't access the response headers? One of the answers to the other question mentions getAllResponseHeaders and has 17 upvotes. – Dan Tao Commented Aug 25, 2011 at 21:36
• 1 @zzzz: I had a similar thought... It seems that doesn't happen until after the callbacks have been called though; am I right in saying that? I suppose I could just do some sort of setTimeout deal in the plete callback in that case... – Dan Tao Commented Aug 25, 2011 at 21:43
• 3 According to this spec (w3/TR/XMLHttpRequest/#the-getresponseheader-method), getAllResponseHeaders() will return all headers except the Set-Cookie header. You have to go through the cookie interface to get cookies. – jfriend00 Commented Aug 25, 2011 at 22:34
• 1 @jfriend00: Sadly, what I'm seeing appears to be that: (1) getAllResponseHeaders() is returning "" (possibly jQuery is doing this?); and (2) the cookie in question isn't actually updated by the browser. I don't understand HTTP well enough to know why, though I can say the cookie is secure and hasn't expired. In any case, it's just frustrating that I can't get the value of Set-Cookie from the response header, as that's all I really care about (i.e., if the service even tries to set the cookie to LOGGEDOFF, that's what I want to know). Do you happen to know if this is for security? – Dan Tao Commented Aug 26, 2011 at 1:28

 |  Show 4 more ments

2 Answers 2

Sorted by: Reset to default 2

If you read the W3 XHR spec you'll see that they don't allow you to access the set-cookie response header via a getAllResponseHeaders('Set-Cookie') call.

See 4.7.3 The getResponseHeader() method:

Bullet point 3: "If header is a case-insensitive match for Set-Cookie or Set-Cookie2, return null."

http://www.w3/TR/XMLHttpRequest/#the-getallresponseheaders%28%29-method

jfriend00 also left this response in the ments above but I thought this question could use a legitimate answer.

If the document is from the same domain and path, use the document.cookie interface If the cookie has the http-only attribute set, it's inaccessible

本文标签： jqueryIs it possible to get the SetCookie value from an HTTP response header in JavaScriptStack Overflow