There are a couple of new Cookie flags introduced with the Internet Explorer 8 WinInet.dll. The INTERNET_COOKIE_HTTPONLY flag allows you to read the HttpOnly cookies in your WinInet Code. This flag is documented here: http://msdn.microsoft.com/en-us/library/aa384714(VS.85).aspx. As always, I like to see examples of how this flag works!
Here is a sample ASPX page to create some standard and httponly cookies:
aspx code listing for sample (Copy Code):
When you run this page you will note InternetExplorer jscript will not allow you to read the value of MyHttpOnlyCookie. This new flag will allow you to read that cookie from code however!
To investigate this I decided to use my favorite sample ‘httpauth’ from the Platform SDK.
I added this code to the end of the function, just before closing the handles (note the empty error conditions that you need to fill in):
C++ code listing for sample (Copy Code):
I put the page to write the cookies on one of my servers and pointed the httpauth.exe to that page. This code works fine and does read the HttpOnly cookie. Try and remove the flag and you will see the call fail!
Let me know if this was a help to you!