Preserving HTTPOnly cookies on Windows Phone

Question

I have an app that sends a username and password to an API via HTTPS. The API returns HTTPOnly cookies.

This means that the cookies are "invisible" to the code, but still exist and will be sent to the server in subsequent requests.

The Set-Cookie header is stripped from the HttpWebResponse.Headers and the cookie does not appear in the HttpWebResponse.Cookie s or the HttpWebRequest.CookieContainer . However, if a subsequent request is made using that same HttpWebRequest.CookieContainer they are sent to the server, but they are inaccessible to the code.

As far as I can tell, this makes them impossible to serialize or preserve in any way. It seems the only way to make this work will be to cache the actual username and password and login again every time.

Is there something I am missing?

Answer 1

You'll have to use reflection to take a look at the Cookies stored in the cookie container.

Use something like this to have a look at what you have, then you can either try to subclass to gain access to the data you want or go through the process of storing the cookie in memory, deleting it from the container, then adding it as a normal cookie

    public List<Cookie> GetAllCookies(CookieContainer cc)
    {
        List<Cookie> lstCookies = new List<Cookie>();

        Hashtable table = (Hashtable)cc.GetType().InvokeMember("m_domainTable", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.GetField | System.Reflection.BindingFlags.Instance, null, cc, new object[] { });

        foreach (var pathList in table.Values)
        {
            SortedList lstCookieCol = (SortedList)pathList.GetType().InvokeMember("m_list", System.Reflection.BindingFlags.NonPublic | System.Reflection.BindingFlags.GetField | System.Reflection.BindingFlags.Instance, null, pathList, new object[] { });
            foreach (CookieCollection colCookies in lstCookieCol.Values)
                foreach (Cookie c in colCookies) lstCookies.Add(c);
        }

        return lstCookies;
    }
    public string ShowAllCookies(CookieContainer cc)
    {
        StringBuilder sb = new StringBuilder();
        List<Cookie> lstCookies = GetAllCookies(cc);
        sb.AppendLine("=========================================================== ");
        sb.AppendLine(lstCookies.Count + " cookies found.");
        sb.AppendLine("=========================================================== ");
        int cpt = 1;
        foreach (Cookie c in lstCookies)
            sb.AppendLine("#" + cpt++ + "> Name: " + c.Name + "\tValue: " + c.Value + "\tDomain: " + c.Domain + "\tPath: " + c.Path + "\tExp: " + c.Expires.ToString());

        return sb.ToString();
    }

Answer 2

You can also try using TCP Sockets to get the cookies directly. Here's my answer for a similar question: https://stackoverflow.com/a/21737087/262036

Once you get the response you parse the string in search for the cookie and grab the value. After that you can create a new cookie in the CookieContainer that is not HttpOnly and use it in next requests.