set-cookie header not being returned by javascript

Question

I am calling a RESTful web service provided by my client. Using CocoaRestClient (I'm on a mac), I can see multiple Set-Cookie headers being returned. However, when I try to retrieve these cookies in the response headers in my app (using PhoneGap), only the last set-cookie value is returned in the header.

CocoaRestClient shows the following cookies returned:

Set-Cookie: SMSESSION=YTpvYLPQOYNoZjqHb1fvOc37lrmYmj0yk2NO2meBWkd2Bf3SE+rNd2aiEI+vGNNkis82PZMuQklvQg8O0lFL0Qq0Wg13g7baJ784gqjPXXjNn5Mc6YxjWNIULxCy8cMP0/y7S4fYxLbr7CFv0g4Z9y+PaKMyCRGCydT7MwTIFUJZ7zRCr+hVo0HzA/uH+xi0fVNWVrN3mltnRSeBgePtBxBeh4hEIT725ufHsiq04HaaR4A9e+NKPdAOj8lZJf76Su+q/bwUU0qmlcnouDU4i5p4WGRC78w8tmBhmwH640UmPipXZSJBoccXmsB5hg4wr8fMMA5H1Z2mP35cYHNeAj12GaiYnlRpfEaRyTxroDYO0zJeYDIve6QV4aZu74erN1r0jsU7JPK408CYPhFG5VGtBRwd2Xq6iJDjVGMB7uIrxtnomtiUyX+AOHhMvj7b982D4PZrZkTACSWU+kfBhIb1/3ryLBuG4db3ICNDJtKuSlsykTI4g+wtRf3rOnylrmtstK7hyfGED/LpD7hqMDO51hZCkoobFHxUuxkxhj2Gh7KtH9DFFhpdbqPBzfadMFZC8kaVJlDkB8Ex5jRyqj7fpdmyVSUIO9FC+sG7Jew81EW1ZSJyjMopUrxirk0YNVuke9KePZxJdP8IRWa4hLGt2hAQDbe5gn3vRSMQgEZsRpCtSSF2gpUe1wuih7jR/UPutNjRzwm7AgTU3bI7Peg+glSMCf2zMeXtt7S+fLf6TIZtV3wJg8O3o2VzLtDvCuJwxArlO8tSW0FodIwD6pQTG9TiWiXs2vi7eHPq++Toh21lMONg1dS9jJbaPkdiIficA9jX6Jx8LrIWKAaHT+c4N43TuZ5AsLRD7dX/xar/ekglGHu0eh5jQF917KyLsa1rZJyJjS9zW8nSmm5dppbBdYIuSyOnEjVrPCinXmxXSMZ/3iaZvoRKBXajwsry0lHI5ZCehotKIP6z7I/u8iXrp6tcqk2xi+X7dyHJnzAIdvwcLv37RqVCcH/WUosb6/Swr2fpPfuqu+qiqCbbYbCZh+f7JDb0b/ONhMs/g5dWPqSDBV51+a6XXd5ZQM69f0vmCPMQxE/aDhRX26IRdqCngkrjSQl6YyfPsLs6+aXtcyWoQuirzvYFJwlI4PKxFv3QAiO8hwCHL9wSWv4cTk/fHKKXvqToL4fvwTJB4WFIkK9Tyv1NU2g//djPaX8jUlrdbchLDuYRfhfYhyKNBhOD6gb/tH30; path=/; domain=.abc.com; secure, ActiveResponse=""; path=/; domain=.abc.com; secure, SMIDENTITY=""; path=/; domain=.abc.com; secure, blueboxvalues=""; path=/; domain=.abc.com; secure, BHAROSA_TARGET5=""; path=/; domain=.abc.com; secure, BHAROSA_TARGET=""; path=/; domain=.abc.com; secure, sm_universalid=e0494209bb9a934c29e70fe09a1cc67Z; path=/; domain=.abc.com; secure, BHAROSA_APP_NAME=""; path=/; domain=.abc.com; secure, subscribed_services=SSOService^175; path=/; domain=.abc.com; secure, bharosaenrolled=""; path=/; domain=.abc.com; secure, AUTHRESPONSE=""; path=/; domain=.abc.com; secure

When using jquery post like so:

        var response = $.post(loginUrl, parameters, authenticateSuccess);

        function authenticateSuccess(html, textStatus, data) {
          alert("in authenticateSuccess()");
          console.log("headers: " + data.getAllResponseHeaders());
        }

the following log info is printed (note the single set-cookie line):

headers: date: Mon, 03 Jun 2013 14:27:28 GMT
    content-encoding: gzip
    x-mod-pagespeed: 1.0.22.7-2005
    content-length: 9372
    pragma: no-cache
    server: Apache
    vary: Accept-Encoding
    content-type: text/html
    cache-control: max-age=0, no-store, no-cache, must-revalidate
    set-cookie: AUTHRESPONSE=""; path=/; domain=.abc.com; secure
    accept-ranges: bytes     

I also tried using an ajax post and XMLHttpRequest. All do the same thing.

So why is only the last Set-cookie header being retrieved in the header?

This same question was apparently asked but never answered here: How to get two cookies back from jquery getResponseHeader('Set-Cookie') for Android

Thank you in advance.

Answer 1

The current state of standardizing the XMLHttpRequest API does only restrict the access to the Set-Cookie and Set-Cookie2 header fields:

client.getAllResponseHeaders()

Returns all headers from the response, with the exception of those whose field name is Set-Cookie or Set-Cookie2.