I have two questions.
Question #1: What is the difference between HttpWebResponse.Cookies and WebResponse.Headers[“Set-Cookie”]? Is “WebResponse.Headers[“Set-Cookies”]” not valid http cookie?
Question #2: How to get the values of duplicated headers that have same name from HttpWebResponse?
Here is the raw response that I copied from Fiddle. As you can see, there is two headers with same name “Set-Cookie”. I always get the first one in HttpWebResponse. Is ” __utms” cookie from Google analytics?
HTTP/1.1 200 OK Date: Tue, 27 Dec 2011 09:47:53 GMT Chunk: 10210620 Set-Cookie: ASP.NET_SessionId=34ft0d45uboqv245bev2nwrj; path=/; HttpOnly Set-Cookie: __utms=A51743627D9238C3997BABD76D7D75; domain=ibc88.com; expires=Wed, 28-Dec-2011 09:47:53 GMT; path=/ Content-Type: text/html; charset=utf-8 Cache-Control: private, no-store Content-Length: 2543
Do you notice the
HttpOnlyflag in theASP.NET_SessionIdcookie? This flag basically indicates that this cookie cannot be read by clients. You are sending a client request using a WebRequest or a WebClient or whatever but you will never be able to read this cookie value. Only the server can read it. The client will store and send it on subsequent requests but you can never read its value.Jeff also blogged about HttpOnly.