Does HttpService:RequestAsync() Return Cookies

I’m a bit new to web development so I don’t know where cookies are stored when the client makes a request.

For context, I am attempting to create a webserver to store some player data for analytics. For authentication, I want to use cookies so that whenever I or someone else visits the website, they don’t have to repeatedly log in. Furthermore, this means that I will also use cookie-based authentication for the Roblox game server unless I figure out something that would work with tokens.

My question is as to whether cookies are returned by HttpService:RequestAsync(), and if these cookies are saved when the game server contacts my server for subsequent requests.

This is probably easier to accomplish by using a master token for the game servers and cookies for the browser and that may be what I end up doing but I’m wondering if using cookies for both is feasible.

If I was too vague in my explanation please let me know.

Cookies are useful for browser applications, since they’re handled basically automatically with document.cookie.

However, HttpService is not a browser, and only sends the headers that you give it. If your web server sends you a Set-Cookie in its response, its completely up to you to store that cookie in your game server somewhere (either locally or in a DataStore or something), and manually adding that Cookie header to subsequent requests.

I agree, or just use JWT for both so your server is less complex and you can use the same auth method for both game-server clients and browser clients.

Here is a pretty good article about cookies vs. tokens/JWT for authentication.

Edit: tl;dr:

Not unless you tell it to