I am trying to read an HttpOnly cookie through a WPF, VB.NET application.
The site in question, upon visit, serves 2 cookies: one HttpOnly, one regular.
I visit the site whose cookie I want to read via Internet Explorer. Then Developer tools --> Cache --> View cookie information. ONLY the regular cookie is shown there, not the HttpOnly one (Chrome displays both of them correctly. If I delete it and refresh, the site returns a 500 error so the cookie definitely exists).
I run my code, based on what is explained here: c# Get httponly cookie, which is as follows:
Private Const INTERNET_COOKIE_HTTPONLY As Integer = &H2000
<SuppressUnmanagedCodeSecurity, SecurityCritical, DllImport("wininet.dll", EntryPoint:="InternetGetCookieExW", SetLastError:=True, CharSet:=CharSet.Unicode, ExactSpelling:=True)>
Friend Shared Function InternetGetCookieEx(<[In]> Url As String, <[In]> cookieName As String, <Out> cookieData As StringBuilder, <[In], Out> ByRef pchCookieData As UInteger, flags As UInteger, reserved As IntPtr) As Boolean
End Function
<SecurityCritical()>
Public Shared Function GetCookie(url As String) As String
Dim size As Integer = 0
Dim sb As New StringBuilder
If InternetGetCookieEx(url, vbNullString, Nothing, size, INTERNET_COOKIE_HTTPONLY, IntPtr.Zero) Then '<-- this always returns false
If size <= 0 Then
Return Nothing
End If
sb = New StringBuilder(size + 1)
If Not InternetGetCookieEx(url, vbNullString, sb, size, INTERNET_COOKIE_HTTPONLY, IntPtr.Zero) Then
Return Nothing
End If
End If
Dim lastErrorCode = Marshal.GetLastWin32Error '<-- 259
Return sb.ToString()
End Function
GetCookie("https://www.xyz.com")
I have tried numerous variations of the above, the result is the same: lastErrorCode ALWAYS equals to 259, which in turn translates to ERROR_NO_MORE_ITEMS, meaning that no cookies have been found.
1) The site in question is in the trusted sites zone, so it doesn't work under protected mode.
2) The site is under SSL (I do not know if this has to do with anything).
3) I have desperately searched my hard disk for these cookies' location, to no avail.
4) Both are session cookies (ie no declared expiration date)
5) Windows 8 x64, IE10, VS2012
This is a tiny bit of a project milestone which has given me countless hours of pain, so any help will be greatly appreciated.
I am very willing to change my methodology completely as soon as it will give me this cookie's value, unless it's overkill (ie winpcap / fiddlercore etc.)