WCF 4.0 Cookie Only First is Recorded by Browser

Question

I am working on the fastest way to write cookies from a WCF self hosted console app REST service with WebHttpBinding. I prepare the \"Set Cookies\" but only the first cookie

Answer 1

Although this is an older post, since this is still an ongoing issue and using the AspNetCompatibilityMode with WCF has significant performance downside, the option that MSFT has supplied is not viable under many/most/any circumstances. I'm going to answer this question late since this issue is still lingering.

The only way to resolve this issue is to output the Set-Cookie response header just as you've shown, but to process that response header on the client side with javascript and place it in to the browser since, as you've noted, the browser will not handle this response. Neither will applying more than one Set-Cookie response header work as noted in this bug I created.

http://connect.microsoft.com/VisualStudio/feedback/details/779111/wcf-rest-service-two-set-cookie-http-headers-invalid-set-cookie-header-syntax

So, process the response header and use document.cookie in client-side javascript to place the cookies in the browser within the success handler of your jQuery .ajax request.

Answer 2

To expand on @jeff-fischer 's answer, AspNetCompatibilityMode does work and requires the following:

AspNetCompatibilityRequirements is set for the service class to either Allowed or Required e.g.:

[AspNetCompatibilityRequirements(RequirementsMode
       = AspNetCompatibilityRequirementsMode.Allowed)]
public class AppService : IAppService

<serviceHostingEnvironment aspNetCompatibilityEnabled="true" /> is set in <system.serviceModel>

This then gives access to HttpContext (you'll need using System.Web; to get access to this) and cookies can be set using:

var aCookie = new HttpCookie("foo")
{
    HttpOnly = true,
    Value = "bar",
    Expires = DateTime.Now.AddDays(1)
};

HttpContext.Current.Response.Cookies.Add(aCookie);

This will then need to be run as an application on IIS rather than though the WCF launcher and if multiple cookies are set, multiple cookie headers will actually appear.