Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

problems with session cookies in IE 7

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 01-14-2009
Mark
 

Posts: n/a
problems with session cookies in IE 7
Hi...

I've been trying to post this for days, but MS seems to have a filter that
deletes my posts for some reason. I have a Fiddler log to show what I'm
talking about; maybe that's what it doesn't like, so I'll have to resort to a
description rather than details.

Our website has the option of distributing out the authentication authority
to our clients, so when a request comes to our site we look for a login
cookie and if we don't find it, we redirect over to the customer's login page.

That login page redirects the request back after login with an encrypted
token on the query string. We validate the token and then loop the request
back to itself. We do that for 2 reasons, 1 to drop the session login cookie
and the other to remove the token from the query string.

The problem is that on that last redirect, IE 7 is not presenting the
cookies we just set, so we think they have to log in again.

For example, if the request comes in as
http://test.machine.com/test.aspx?pa...token=blahblah,

We respond
Location: http://test.machine.com?param=a
Set-Cookie: LOGIN=our+cookie; path=/
Set-Cookie: BEENSEEN=We+know+him; domain=.machine.com; path=/
Cache-Control: private

plus the usual ASP.Net redirect text.

The issue is that this last redirect comes back with no Cookie: header at
all. The browser didn't keep either of them. I thought it might be an issue
with the LOGIN cookie not explicitly setting the domain, but the BEENSEEN
cookie does, and it doesn't come up either.

As I said, I tried to post the Fiddler log demonstrating the issue, but the
MS nntp server seems to have a bot deleting posts it doesn't like. I'm
hoping this is washed down enough to get through.

Any tips would be appreciated.

Thanks
Mark

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 01-14-2009
Mark
 

Posts: n/a
RE: problems with session cookies in IE 7
Another tidbit of information...

I changed the code to explicitly set the domain for the LOGIN cookie and put
it up on a staging server (so now it has domain=.machine.com), and that
didn't improve things. IE 7 still won't present the cookies that were set on
the redirect.

One other thing I noticed that's different from a lot of our other
deployments is that the domain for those local cookies is the same as all of
our in-office lan computers. Are there weird conditions about setting
session cookies to a domain you're a member of? Does IE just ignore those?

Thanks
Mark


"Mark" wrote:

> Hi...
>
> I've been trying to post this for days, but MS seems to have a filter that
> deletes my posts for some reason. I have a Fiddler log to show what I'm
> talking about; maybe that's what it doesn't like, so I'll have to resort to a
> description rather than details.
>
> Our website has the option of distributing out the authentication authority
> to our clients, so when a request comes to our site we look for a login
> cookie and if we don't find it, we redirect over to the customer's login page.
>
> That login page redirects the request back after login with an encrypted
> token on the query string. We validate the token and then loop the request
> back to itself. We do that for 2 reasons, 1 to drop the session login cookie
> and the other to remove the token from the query string.
>
> The problem is that on that last redirect, IE 7 is not presenting the
> cookies we just set, so we think they have to log in again.
>
> For example, if the request comes in as
> http://test.machine.com/test.aspx?pa...token=blahblah,
>
> We respond
> Location: http://test.machine.com?param=a
> Set-Cookie: LOGIN=our+cookie; path=/
> Set-Cookie: BEENSEEN=We+know+him; domain=.machine.com; path=/
> Cache-Control: private
>
> plus the usual ASP.Net redirect text.
>
> The issue is that this last redirect comes back with no Cookie: header at
> all. The browser didn't keep either of them. I thought it might be an issue
> with the LOGIN cookie not explicitly setting the domain, but the BEENSEEN
> cookie does, and it doesn't come up either.
>
> As I said, I tried to post the Fiddler log demonstrating the issue, but the
> MS nntp server seems to have a bot deleting posts it doesn't like. I'm
> hoping this is washed down enough to get through.
>
> Any tips would be appreciated.
>
> Thanks
> Mark
>

Reply With Quote
  #3 (permalink)  
Old 01-14-2009
Mark
 

Posts: n/a
RE: problems with session cookies in IE 7
I've worked up a reproducible case, but the usenet bot doesn't seem to like
me posting it.

The odd part is that the exact same code running on xp with IIS 5.1 works
with IE 7. Running on W2003/IIS 6.0 requested by IE 7 doesn't work (the
cookies get lost).

The differences seem to be the value of the Server: header and the
Connection: close header (IIS 5.1 doesn't drop it). Other than that, the
request/responses look the same - only in one case IE 7 remembers the cookies
and the other it doesn't.

Thanks
Mark

"Mark" wrote:

> Another tidbit of information...
>
> I changed the code to explicitly set the domain for the LOGIN cookie and put
> it up on a staging server (so now it has domain=.machine.com), and that
> didn't improve things. IE 7 still won't present the cookies that were set on
> the redirect.
>
> One other thing I noticed that's different from a lot of our other
> deployments is that the domain for those local cookies is the same as all of
> our in-office lan computers. Are there weird conditions about setting
> session cookies to a domain you're a member of? Does IE just ignore those?
>
> Thanks
> Mark
>
>
> "Mark" wrote:
>
> > Hi...
> >
> > I've been trying to post this for days, but MS seems to have a filter that
> > deletes my posts for some reason. I have a Fiddler log to show what I'm
> > talking about; maybe that's what it doesn't like, so I'll have to resort to a
> > description rather than details.
> >
> > Our website has the option of distributing out the authentication authority
> > to our clients, so when a request comes to our site we look for a login
> > cookie and if we don't find it, we redirect over to the customer's login page.
> >
> > That login page redirects the request back after login with an encrypted
> > token on the query string. We validate the token and then loop the request
> > back to itself. We do that for 2 reasons, 1 to drop the session login cookie
> > and the other to remove the token from the query string.
> >
> > The problem is that on that last redirect, IE 7 is not presenting the
> > cookies we just set, so we think they have to log in again.
> >
> > For example, if the request comes in as
> > http://test.machine.com/test.aspx?pa...token=blahblah,
> >
> > We respond
> > Location: http://test.machine.com?param=a
> > Set-Cookie: LOGIN=our+cookie; path=/
> > Set-Cookie: BEENSEEN=We+know+him; domain=.machine.com; path=/
> > Cache-Control: private
> >
> > plus the usual ASP.Net redirect text.
> >
> > The issue is that this last redirect comes back with no Cookie: header at
> > all. The browser didn't keep either of them. I thought it might be an issue
> > with the LOGIN cookie not explicitly setting the domain, but the BEENSEEN
> > cookie does, and it doesn't come up either.
> >
> > As I said, I tried to post the Fiddler log demonstrating the issue, but the
> > MS nntp server seems to have a bot deleting posts it doesn't like. I'm
> > hoping this is washed down enough to get through.
> >
> > Any tips would be appreciated.
> >
> > Thanks
> > Mark
> >

Reply With Quote
  #4 (permalink)  
Old 01-18-2009
Robert Aldwinckle
 

Posts: n/a
Re: problems with session cookies in IE 7

"Mark" <mmodrall@nospam.nospam> wrote in message news:C231726A-578C-471D-B98A-0F751A3A9ECA@microsoft.com...
> Hi...
>
> I've been trying to post this for days, but MS seems to have a filter that
> deletes my posts for some reason. I have a Fiddler log to show what I'm
> talking about; maybe that's what it doesn't like, so I'll have to resort to a
> description rather than details.
>
> Our website has the option of distributing out the authentication authority
> to our clients, so when a request comes to our site we look for a login
> cookie and if we don't find it, we redirect over to the customer's login page.
>
> That login page redirects the request back after login with an encrypted
> token on the query string. We validate the token and then loop the request
> back to itself. We do that for 2 reasons, 1 to drop the session login cookie
> and the other to remove the token from the query string.
>


> The problem is that on that last redirect, IE 7 is not presenting the
> cookies we just set, so we think they have to log in again.



On which OS?

E.g. if it is Vista see if information in this article would
help refine your symptom description:

(ignore the title)
http://support.microsoft.com/kb/932118

(Search of Microsoft Support for
session coookies "internet explorer"
)


Tip: You could use ProcMon to check some of the details
the article refers to.


Good luck

Robert Aldwinckle
---


>
> For example, if the request comes in as
> http://test.machine.com/test.aspx?pa...token=blahblah,
>
> We respond
> Location: http://test.machine.com?param=a
> Set-Cookie: LOGIN=our+cookie; path=/
> Set-Cookie: BEENSEEN=We+know+him; domain=.machine.com; path=/
> Cache-Control: private
>
> plus the usual ASP.Net redirect text.
>
> The issue is that this last redirect comes back with no Cookie: header at
> all. The browser didn't keep either of them. I thought it might be an issue
> with the LOGIN cookie not explicitly setting the domain, but the BEENSEEN
> cookie does, and it doesn't come up either.
>
> As I said, I tried to post the Fiddler log demonstrating the issue, but the
> MS nntp server seems to have a bot deleting posts it doesn't like. I'm
> hoping this is washed down enough to get through.
>
> Any tips would be appreciated.
>
> Thanks
> Mark
>



Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Session cookies enabled but bank website says they are not Maree microsoft.public.internetexplorer.general 4 09-27-2009 17:26
Re: Cookies blocked. Must accept all cookies to Sign In Joe microsoft.public.internetexplorer.general 1 01-07-2009 22:43
IE7 cookies/session/connection problem sean microsoft.public.internetexplorer.general 3 12-09-2008 16:54
Session/cookie problems SharkD microsoft.public.internetexplorer.general 2 09-27-2008 19:57
Re: IE7 allow cookies for session Jason microsoft.public.internetexplorer.general 2 09-21-2008 02:16




All times are GMT +1. The time now is 21:40.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120