You can get headers from XMLHTTPRequest. This may help. Let me know if this is working.

$.ajax({
   type: 'POST',
   url:'url.do',
   data: formData,
   success: function(data, textStatus, XMLHttpRequest){
        var cookietoSet=XMLHttpRequest.getResponseHeader('Set-Cookie');

        Set_Cookie(cookietoSet.split('=')[0],cookietoSet.split('=')[1],expires, path, domain, secure)//change as per ur needs
   }
   error: function (XMLHttpRequest, textStatus, errorThrown) {
        alert(XMLHttpRequest.getResponseHeader('some_header'));
   }
  });




function Set_Cookie( name, value, expires, path, domain, secure )
{
// set time, it's in milliseconds
var today = new Date();
today.setTime( today.getTime() );

/*
if the expires variable is set, make the correct
expires time, the current script below will set
it for x number of days, to make it for hours,
delete * 24, for minutes, delete * 60 * 24
*/
if ( expires )
{
expires = expires * 1000 * 60 * 60 * 24;
}
var expires_date = new Date( today.getTime() + (expires) );

document.cookie = name + "=" +escape( value ) +
( ( expires ) ? ";expires=" + expires_date.toGMTString() : "" ) +
( ( path ) ? ";path=" + path : "" ) +
( ( domain ) ? ";domain=" + domain : "" ) +
( ( secure ) ? ";secure" : "" );
}

I think the real issue here is that if you have your browser's privacy/cookie settings set to paranoid then some browsers (at least FF & IE) seem to ignore XHR based Set-Cookie headers.

Here's a link to some FF help that may be useful for your users. http://support.mozilla.org/en-US/kb/fix-login-issues-on-websites-require-passwords

I wish there were a better answer/workaround for this 8(