未保存Cookies

我有两个子域名，local-api.domain.com和local-web.domain.com

local-web.domain.com有一个页面local-web.domain.com/test/authtest，通过AJAX调用local-api.domain.com/authentication/login on local-api.domain.com上的登录服务。登录将检查用户发布的凭据，如果这些凭据有效，则通过ASP.Net forms auth将用户登录。以下是从服务返回的原始响应示例：

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Set-Cookie: token=dsaaflkdaflkxEfrLEUH2Bsfdsjfdksfjdsklfj; expires=Sat, 11 Jan 2014 00:16:04 GMT; domain=.domain.com; path=/; httponly
Access-Control-Allow-Origin: http://local-web.domain.com
Access-Control-Allow-Credentials: true
Set-Cookie: .ASPXAUTH=E18F1521FFF70FDFD60444F6EA791D28DDF1010F907D35DD13CDA7E2698CE9DCFB50A25853A5BCFEA0E21820A0760D8412D517548F59344EDDA052DD6D7BD7DDB1D47D011F2EFE3B58B6B2690B370D54C560FC6FA3B0990190E0CB8A8B4CC80BEA925CA928256C78C502E74444566785C95EDC399777B3CB0D2AAFFD219B3ED5; domain=.domain.com; path=/; HttpOnly
Set-Cookie: Visitor=acfbc21b-6259-4000-809d-7dbc72db8309; domain=.domain.com; expires=Sat, 10-Jan-2015 00:16:04 GMT; path=/; HttpOnly
Set-Cookie: Visit=78406825-adf1-4224-af57-0350136a5fc6; domain=.domain.com; path=/; HttpOnly
Set-Cookie: Culture=en; domain=.domain.com; expires=Sat, 10-Jan-2015 00:16:04 GMT; path=/; HttpOnly
Date: Fri, 10 Jan 2014 00:16:04 GMT
Content-Length: 122

{"token":"dsaaflkdaflkxEfrLEUH2Bsfdsjfdksfjdsklfj","firstName":"Steve","lastName":"Smith"}

但是，当我重新加载页面时；我发现响应中设置的cookie不存在。对Chrome开发者工具的进一步调查发现，在登录响应之后，cookie甚至没有被保存；即使有一个设置的Cookie头

---

我不确定我做错了什么。浏览网站上的类似问题及其回答；我相信我已经为保存cookie和在我的子域中重新发送cookie做好了一切准备。在谷歌上搜索了一个小时，但什么也没找到。有什么想法吗？

复制在Charles代理申请上

在冲突cookie上用httponly替换httponly效果不错

我想这就是问题所在