I'm working on an intranet system (.NET 3.5); the main pages are served up from a standard ASP.NET server. I would like to use Ajax on those pages to contact a WCF service running on a different machine, to retrieve data, do CRUD operations - the usual Ajax stuff.
The problem I'm trying to resolve is: can I take cookies which were set by the ASP.NET server, and include them on requests to the WCF service? If so, how?
My understanding is that JSONP bypasses XSS restrictions by "wrapping" the Ajax request within a standard <script src="MyAjaxCall?SomeData=SomeValue"> tag. With that in mind, it would seem I'm at the mercy of the browser as to which cookies (if any) will be included in MyAjaxCall. Since the cookies originate from the ASP.NET server, the browser likely won't include them in the call to WCF.
Since this is an intranet application, I cannot necessarily rely on domain wildcarding (*.mydomain.com) to make sure the cookies are shared across multiple machines - the client may well be accessing machines by their simple network name or even IP address directly.
edit: accepting Julian's answer, since using JS to manually grab a cookie's payload and jam it onto the URL seems like the only way to work-around the restriction (tho it feels somewhat inelegant :)