jQuery/Ajax requests on a Cross Site server don't use the (auth) cookie set on that server

We have a web page that gets data from another server. The page is loaded "locally" (i.e. from the file system, this web app will be placed inside a phonegap application and so we simulate it into firefox/chrome by loading it from the file:// url), and uses jquery and ajax to retrieve data from a server. The server seems configured to respect the CORS standard (http://www.w3.org/TR/cors/ i.e. we set headers such as Access-Control-Allow-Origin, Access-Control-Allow-Credentials and Access-Control-Max-Age) but notheless, it seems that the session cookie that the server set i开发者_JAVA技巧s never read nor passed back to the server. And if we create "by hand" a session on the server (i.e. issuing the requests on the address bar so that the server sets a cookie on the client) and then we open the aforementioned page, that cookie is never passed back to the server in the Ajax requests.

Any hint on what could be possibly wrong?

What browser are you testing this in? IE and Safari have peculiar rules as to what responses they will allow to set cookies, especially when they are made from a page host locally. Have you tested this page on some domain that is not a local filesystem?

For IE, you will need to configure the P3P headers of the server. For Safari, you will have to browse to the url of the server before it allows any requests made from a page of a different domain to set cookies.

Are you trying to set a cookie from a frame or IFrame?

Your problem might be related to third-party cookie-policy. I found out that setting the following P3P-headers at the webserver helps in most cases:

P3P: CP=NOI NID NOR

This solution won't work on Safari, but works fine on IE & Firefox. Since your app targets the IPhone, it may not solve your problem.