Why no `Set-Cookie` headers in response?

Question

I found sometimes browser can't get cookies from my website, so I use curl to check the headers, and the information is:

C:\Documents and Settings\jack>curl http://localhost -I
HTTP/1.1 200 OK
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: SCALAEYE_SESSION="a57cf8ebdfc379da91ad17d1d1eac706c25ae4c3-%3Citems%3E%3C%2Fitems%3E";Path=/
Set-Cookie: SCALAEYE_FLASH="%3Citems%3E%3C%2Fitems%3E";Path=/
Content-Length: 121665
Server: Jetty(6.1.26)

But when I use browsers IE6 and Firefox to visit, the headers are:

Response Headersview source
Date    Fri, 08 Apr 2011 08:48:09 GMT
Transfer-Encoding   chunked
Server  Jetty(6.1.26)

You can see there is no Set-Cookie header, which makes problems. My server is Jetty 6.1.26. Why they are different responses? Where is wrong? And how to fix it?

Answer 1

It could be that the cookie was already set and thus the Set-Cookie will not be included on the Response header.

See what the Request header looks like:

You can do this with network sniffing using Wireshark. Another great tool for this is the FireBug plugin: It allows you to check, set and delete cookies.

The final point is that your server controls the Set-Cookie header: If the browser does not provide the Cookie header, the server can decide to send a Set-Cookie. Then your browser decides to accept the by sending back a Cookie header for the server to use. If you have cookies disabled on the browser, it will not send back the Cookie header to the server.