I've been trying to post this for days, but MS seems to have a filter that
deletes my posts for some reason. I have a Fiddler log to show what I'm
talking about; maybe that's what it doesn't like, so I'll have to resort to a
description rather than details.
Our website has the option of distributing out the authentication authority
to our clients, so when a request comes to our site we look for a login
cookie and if we don't find it, we redirect over to the customer's login page.
That login page redirects the request back after login with an encrypted
token on the query string. We validate the token and then loop the request
back to itself. We do that for 2 reasons, 1 to drop the session login cookie
and the other to remove the token from the query string.
The problem is that on that last redirect, IE 7 is not presenting the
cookies we just set, so we think they have to log in again.
For example, if the request comes in as
Set-Cookie: LOGIN=our+cookie; path=/
Set-Cookie: BEENSEEN=We+know+him; domain=.machine.com; path=/
plus the usual ASP.Net redirect text.
The issue is that this last redirect comes back with no Cookie: header at
all. The browser didn't keep either of them. I thought it might be an issue
with the LOGIN cookie not explicitly setting the domain, but the BEENSEEN
cookie does, and it doesn't come up either.
As I said, I tried to post the Fiddler log demonstrating the issue, but the
MS nntp server seems to have a bot deleting posts it doesn't like. I'm
hoping this is washed down enough to get through.
Any tips would be appreciated.