Is it possible for us to set a cookie in a response with an HTTP 204 (No content) status? I managed to set the Set-Cookie header while returning the 204 response (screenshot)
However, my browser does not seem to react to this.
My document.cookie does not yield what Set-Cookie wanted to do.
Had this same question. Found this link: 204 No Content and cookies - Erik's Code
What I found is that all major browsers, IE (6, 7, 8, 9, 10, 11), FF (6 - 29), Safari (5 - 7), Opera (12 - 22) on both windows and Mac, set cookies on 204 http responses.
They provide the test code and a demo page.
It won't be a problem of response status but the localhost domain. You'd better to use other domains to test cookies.
The main problem here is not the 204 response code, but the fact that your Set-Cookie directive marks the cookie as HttpOnly. This means that JavaScript cannot access this cookie; that is in fact the point of HttpOnly.
So your example should work, but you should not and cannot verify it with document.cookie. Alternatives include the web development tools / plugins in browsers ("FireBug" or similar), or testing if the cookie is returned on the server itself.
