I have an app that sends a username and password to an API via HTTPS. The API returns HTTPOnly cookies.
This means that the cookies are "invisible" to the code, but still exist and will be sent to the server in subsequent requests.
The Set-Cookie header is stripped from the HttpWebResponse.Headers and the cookie does not appear in the HttpWebResponse.Cookies or the HttpWebRequest.CookieContainer. However, if a subsequent request is made using that same HttpWebRequest.CookieContainer they are sent to the server, but they are inaccessible to the code.
As far as I can tell, this makes them impossible to serialize or preserve in any way. It seems the only way to make this work will be to cache the actual username and password and login again every time.
Is there something I am missing?
You'll have to use reflection to take a look at the Cookies stored in the cookie container.
Use something like this to have a look at what you have, then you can either try to subclass to gain access to the data you want or go through the process of storing the cookie in memory, deleting it from the container, then adding it as a normal cookie.
You can also try using TCP Sockets to get the cookies directly. Here's my answer for a similar question: https://stackoverflow.com/a/21737087/262036
Once you get the response, you parse the string in search of the cookie and grab the value. After that you can create a new cookie in the CookieContainer that is not HttpOnly and use it in the next requests.
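
The parse-and-re-add step described in the answer above, as an added example (not code from either answer). It assumes the raw response text has already been read from the socket; the class name RawCookieParser, the host api.example.com and the sample cookie are made up for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

static class RawCookieParser
{
    // Returns readable Cookie objects for every Set-Cookie header in a raw response.
    public static List<Cookie> Parse(string rawResponse, string defaultDomain)
    {
        var cookies = new List<Cookie>();
        // Headers end at the first blank line; the body is never scanned.
        int end = rawResponse.IndexOf("\r\n\r\n", StringComparison.Ordinal);
        string head = end >= 0 ? rawResponse.Substring(0, end) : rawResponse;
        foreach (string line in head.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries))
        {
            if (!line.StartsWith("Set-Cookie:", StringComparison.OrdinalIgnoreCase)) continue;
            string[] parts = line.Substring("Set-Cookie:".Length).Split(';');
            int eq = parts[0].IndexOf('=');
            if (eq <= 0) continue; // malformed: no name=value pair
            var cookie = new Cookie(parts[0].Substring(0, eq).Trim(),
                                    parts[0].Substring(eq + 1).Trim(), "/", defaultDomain);
            for (int i = 1; i < parts.Length; i++)
            {
                string attr = parts[i].Trim();
                if (attr.Equals("Secure", StringComparison.OrdinalIgnoreCase))
                    cookie.Secure = true; // stays HTTPS-only when re-added
                else if (attr.StartsWith("Path=", StringComparison.OrdinalIgnoreCase))
                    cookie.Path = attr.Substring(5);
                else if (attr.StartsWith("Domain=", StringComparison.OrdinalIgnoreCase))
                    cookie.Domain = attr.Substring(7);
                // HttpOnly is deliberately not copied, so the value stays readable.
                // Simplification: Expires/Max-Age are ignored (session cookie).
            }
            cookies.Add(cookie);
        }
        return cookies;
    }

    static void Main()
    {
        // Constructed sample response; the cookie name and value are made up.
        string raw = "HTTP/1.1 200 OK\r\n" +
                     "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n\r\n{}";
        var uri = new Uri("https://api.example.com/");
        var jar = new CookieContainer();
        foreach (Cookie c in Parse(raw, uri.Host)) jar.Add(uri, c);
        Console.WriteLine(jar.GetCookieHeader(uri));
    }
}
```

The Secure attribute is carried over so the re-added cookie is still sent only over HTTPS; only the HttpOnly flag is dropped.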