Why no `Set-Cookie` headers in response?

Freewind · Apr 8, 2011 · Viewed 25k times

I found that sometimes the browser can't get cookies from my website, so I used curl to check the headers, and the information is:

```
C:\Documents and Settings\jack>curl http://localhost -I
HTTP/1.1 200 OK
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: SCALAEYE_SESSION="a57cf8ebdfc379da91ad17d1d1eac706c25ae4c3-%3Citems%3E%3C%2Fitems%3E";Path=/
Set-Cookie: SCALAEYE_FLASH="%3Citems%3E%3C%2Fitems%3E";Path=/
Content-Length: 121665
Server: Jetty(6.1.26)
```

But when I visit with the browsers IE6 and Firefox, the headers are:

Response Headers

```
Date    Fri, 08 Apr 2011 08:48:09 GMT
Transfer-Encoding   chunked
Server  Jetty(6.1.26)
```

You can see there is no Set-Cookie header, which causes problems. My server is Jetty 6.1.26. Why are the responses different? What is wrong, and how do I fix it?

Answer

Derick Schoonbee · Apr 8, 2011

It could be that the cookie was already set and thus the Set-Cookie will not be included on the Response header.

See what the Request header looks like:

You can do this with network sniffing using Wireshark. Another great tool for this is the Firebug plugin: it allows you to check, set and delete cookies.

The final point is that your server controls the Set-Cookie header: if the browser does not provide the Cookie header, the server can decide to send a Set-Cookie. Then your browser decides to accept the cookie by sending back a Cookie header for the server to use. If you have cookies disabled on the browser, it will not send back the Cookie header to the server.
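
The behaviour this answer describes, as an added example (not code from the original post or from Jetty): a minimal Python server that sends `Set-Cookie` only when the request carries no matching `Cookie` header, queried once the way `curl -I` does (HEAD, no cookies) and once the way a browser that already holds the cookie does. The cookie name `DEMO_SESSION`, its value and the handler logic are assumptions made for illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

COOKIE_NAME = "DEMO_SESSION"  # hypothetical cookie name, not the one on the page


class Handler(BaseHTTPRequestHandler):
    def _respond(self, send_body):
        body = b"ok\n"
        self.send_response(200)
        # Issue the cookie only when the request did not already present it.
        if COOKIE_NAME + "=" not in self.headers.get("Cookie", ""):
            self.send_header("Set-Cookie", COOKIE_NAME + "=constructed-value; Path=/")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if send_body:
            self.wfile.write(body)

    def do_GET(self):
        self._respond(True)

    def do_HEAD(self):
        self._respond(False)

    def log_message(self, *args):
        pass  # keep the demo output quiet


def fetch_set_cookie(port, method, cookie=None):
    """Return the Set-Cookie response header, or None if the server sent none."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, "/", headers={"Cookie": cookie} if cookie else {})
    resp = conn.getresponse()
    resp.read()
    value = resp.getheader("Set-Cookie")
    conn.close()
    return value


def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    port = server.server_address[1]
    try:
        first = fetch_set_cookie(port, "HEAD")  # like `curl -I`: no Cookie header
        cookie = first.split(";", 1)[0]          # name=value, as a browser would store it
        second = fetch_set_cookie(port, "GET", cookie)  # browser replaying the cookie
    finally:
        server.shutdown()
        server.server_close()
    return first, second


if __name__ == "__main__":
    print(demo())
```

The first request gets a `Set-Cookie` header and the second does not, so comparing the `Cookie` request header between the two clients is the check that confirms or rules out this explanation.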