Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Cookies not being sent for local addresses that are not localhost

microsoft.public.internetexplorer.general






Speedup My PC
Reply
  #1 (permalink)  
Old 10-22-2009
Chris Simmons
 

Posts: n/a
Cookies not being sent for local addresses that are not localhost
I am noticing a behavior that seems unexpected. Specifically, when hitting a
website that is on the local machine (127.0.0.1), IE8 is not storing the
cookies from the website if the site address is not:
1. localhost
2. 127.0.0.1
3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)

I am probably answering my own question here (I'm guessing this is some
cookie security thing), but I guess I'd just like to see if this is a known
issue/feature of IE. This behavior is not present in Firefox.

If this is confusing, let me set up the scenario:

I develop web applications on a workstation running Windows Server 2008. As
I need to develop for multiple differing websites, I have corresponding local
websites set up on the local IIS, differentiated by hostname. So, for
example, I can have these websites all set up on my local machine:

http://bob
http://mary
http://john

I have "bob", "mary", and "john" all set up in my hosts file to point to
127.0.0.1. When I launch any of these addresses in a browser, the request
will loop back to the local machine and IIS will sort out which website to
launch based on the host name, "bob", "mary" or "john".

By default, there is also a default website that will accept requests for
"localhost", "127.0.0.1", or the full DNS name of the local machine. This
can be a completely separate website or can be one of the three listed above.

(My apologies if this is "Duh!" material ... I'm just setting up the scenario)

OK, so when I launch any of the above sites, all works fine, EXCEPT when the
site tries to set a cookie on the browser. If, for example, an application
on http://bob sets a cookie, the browser will not save it and return it to
the web server on subsequent requests. I have verified this in ieHTTPHeaders.

However, normal cookie operation works fine if I hit a site on
http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com

As stated above, this behavior only appears in Internet Explorer (I am using
IE8, if it matters). Firefox and Safari both persist cookies for any local
site.

Does anyone know why this behavior exists?

Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 10-22-2009
rob^_^
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localhost
Hi Chris,

You are asking for trouble developing on a server (they should be behind
locked doors with no keyboard, screen or mouse, no physical access). I
suppose that you have logged on as Administrator?

Your testing scenario is unrealistic and misleading. Hop on a client machine
and test from there.

Probably, your IE browser does not have permissions for the user internet
cache. Different browsers do no share their cache.



Regards.

"Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in message
news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
> I am noticing a behavior that seems unexpected. Specifically, when
> hitting a
> website that is on the local machine (127.0.0.1), IE8 is not storing the
> cookies from the website if the site address is not:
> 1. localhost
> 2. 127.0.0.1
> 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
>
> I am probably answering my own question here (I'm guessing this is some
> cookie security thing), but I guess I'd just like to see if this is a
> known
> issue/feature of IE. This behavior is not present in Firefox.
>
> If this is confusing, let me set up the scenario:
>
> I develop web applications on a workstation running Windows Server 2008.
> As
> I need to develop for multiple differing websites, I have corresponding
> local
> websites set up on the local IIS, differentiated by hostname. So, for
> example, I can have these websites all set up on my local machine:
>
> http://bob
> http://mary
> http://john
>
> I have "bob", "mary", and "john" all set up in my hosts file to point to
> 127.0.0.1. When I launch any of these addresses in a browser, the request
> will loop back to the local machine and IIS will sort out which website to
> launch based on the host name, "bob", "mary" or "john".
>
> By default, there is also a default website that will accept requests for
> "localhost", "127.0.0.1", or the full DNS name of the local machine. This
> can be a completely separate website or can be one of the three listed
> above.
>
> (My apologies if this is "Duh!" material ... I'm just setting up the
> scenario)
>
> OK, so when I launch any of the above sites, all works fine, EXCEPT when
> the
> site tries to set a cookie on the browser. If, for example, an
> application
> on http://bob sets a cookie, the browser will not save it and return it to
> the web server on subsequent requests. I have verified this in
> ieHTTPHeaders.
>
> However, normal cookie operation works fine if I hit a site on
> http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
>
> As stated above, this behavior only appears in Internet Explorer (I am
> using
> IE8, if it matters). Firefox and Safari both persist cookies for any
> local
> site.
>
> Does anyone know why this behavior exists?
>

Reply With Quote
  #3 (permalink)  
Old 10-22-2009
Chris Simmons
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localh
Hey Rob:

Thanks so much for the response. I guess I need to clarify.

While I'm developing on a server *OS*, it's not a server, per se. It is my
normal workstation sitting on my desk, except instead of a workstation OS, it
has a server OS. The reason for this (if it matters) is that in addition to
ASP.NET web applications, my group needs to develop software for IIS7. Since
our corporate information management department does not support Vista or
Windows 7, our only option is to develop on Server 2008. Agreed, development
on-server can be ... interesting.

That said, as part of my development duties, I need to be able to use the
machine as though it were a client. This issue never came up when we were
using XP as it was limited to one local site. When we got these new OS's, it
only seemed natural to set up multiple development sites to mirror the
multiple sites that we have to maintain (I never understood why they didn't
allow this with XP and thankfully, they removed that limitation in Vista).
So anyway, the next natural thing was to differentiate these sites based on
host-header. So, for example, if we have a site called
http://site001.domain.com, we'd set up a local site called
http://site001_local. And so on with site002, 003, etc.

So yes, I'm logged in as an administrator. And using a client machine to
test an application as change-after-change is made is not conducive to rapid
application development. Of course, the application is eventually tested on
client machines, however you you still want to be able to do development
testing completely locally.

Ultimately, I can still separate out by site based on port number. But if
you separate out by host header, it flat-out doesn't work. I just wondered
if this was a known thing. I'd like to use http://local_site1,
http://local_site2, etc. but I can use ports if need be.

(Forgive me, I know that this is an IE group and I've blathered on about
IIS, Server 2008, etc.)

--
Thanks,
Chris Simmons


"rob^_^" wrote:

> Hi Chris,
>
> You are asking for trouble developing on a server (they should be behind
> locked doors with no keyboard, screen or mouse, no physical access). I
> suppose that you have logged on as Administrator?
>
> Your testing scenario is unrealistic and misleading. Hop on a client machine
> and test from there.
>
> Probably, your IE browser does not have permissions for the user internet
> cache. Different browsers do no share their cache.
>
>
>
> Regards.
>
> "Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in message
> news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
> > I am noticing a behavior that seems unexpected. Specifically, when
> > hitting a
> > website that is on the local machine (127.0.0.1), IE8 is not storing the
> > cookies from the website if the site address is not:
> > 1. localhost
> > 2. 127.0.0.1
> > 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
> >
> > I am probably answering my own question here (I'm guessing this is some
> > cookie security thing), but I guess I'd just like to see if this is a
> > known
> > issue/feature of IE. This behavior is not present in Firefox.
> >
> > If this is confusing, let me set up the scenario:
> >
> > I develop web applications on a workstation running Windows Server 2008.
> > As
> > I need to develop for multiple differing websites, I have corresponding
> > local
> > websites set up on the local IIS, differentiated by hostname. So, for
> > example, I can have these websites all set up on my local machine:
> >
> > http://bob
> > http://mary
> > http://john
> >
> > I have "bob", "mary", and "john" all set up in my hosts file to point to
> > 127.0.0.1. When I launch any of these addresses in a browser, the request
> > will loop back to the local machine and IIS will sort out which website to
> > launch based on the host name, "bob", "mary" or "john".
> >
> > By default, there is also a default website that will accept requests for
> > "localhost", "127.0.0.1", or the full DNS name of the local machine. This
> > can be a completely separate website or can be one of the three listed
> > above.
> >
> > (My apologies if this is "Duh!" material ... I'm just setting up the
> > scenario)
> >
> > OK, so when I launch any of the above sites, all works fine, EXCEPT when
> > the
> > site tries to set a cookie on the browser. If, for example, an
> > application
> > on http://bob sets a cookie, the browser will not save it and return it to
> > the web server on subsequent requests. I have verified this in
> > ieHTTPHeaders.
> >
> > However, normal cookie operation works fine if I hit a site on
> > http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
> >
> > As stated above, this behavior only appears in Internet Explorer (I am
> > using
> > IE8, if it matters). Firefox and Safari both persist cookies for any
> > local
> > site.
> >
> > Does anyone know why this behavior exists?
> >

Reply With Quote
  #4 (permalink)  
Old 10-22-2009
Chris Simmons
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localh
Oh, and not that I expected IE and FF to actually share cookies. Just that I
figured both browsers would behave the same when it came to cookies.

--
Thanks,
Chris Simmons


"rob^_^" wrote:

> Hi Chris,
>
> You are asking for trouble developing on a server (they should be behind
> locked doors with no keyboard, screen or mouse, no physical access). I
> suppose that you have logged on as Administrator?
>
> Your testing scenario is unrealistic and misleading. Hop on a client machine
> and test from there.
>
> Probably, your IE browser does not have permissions for the user internet
> cache. Different browsers do no share their cache.
>
>
>
> Regards.
>
> "Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in message
> news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
> > I am noticing a behavior that seems unexpected. Specifically, when
> > hitting a
> > website that is on the local machine (127.0.0.1), IE8 is not storing the
> > cookies from the website if the site address is not:
> > 1. localhost
> > 2. 127.0.0.1
> > 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
> >
> > I am probably answering my own question here (I'm guessing this is some
> > cookie security thing), but I guess I'd just like to see if this is a
> > known
> > issue/feature of IE. This behavior is not present in Firefox.
> >
> > If this is confusing, let me set up the scenario:
> >
> > I develop web applications on a workstation running Windows Server 2008.
> > As
> > I need to develop for multiple differing websites, I have corresponding
> > local
> > websites set up on the local IIS, differentiated by hostname. So, for
> > example, I can have these websites all set up on my local machine:
> >
> > http://bob
> > http://mary
> > http://john
> >
> > I have "bob", "mary", and "john" all set up in my hosts file to point to
> > 127.0.0.1. When I launch any of these addresses in a browser, the request
> > will loop back to the local machine and IIS will sort out which website to
> > launch based on the host name, "bob", "mary" or "john".
> >
> > By default, there is also a default website that will accept requests for
> > "localhost", "127.0.0.1", or the full DNS name of the local machine. This
> > can be a completely separate website or can be one of the three listed
> > above.
> >
> > (My apologies if this is "Duh!" material ... I'm just setting up the
> > scenario)
> >
> > OK, so when I launch any of the above sites, all works fine, EXCEPT when
> > the
> > site tries to set a cookie on the browser. If, for example, an
> > application
> > on http://bob sets a cookie, the browser will not save it and return it to
> > the web server on subsequent requests. I have verified this in
> > ieHTTPHeaders.
> >
> > However, normal cookie operation works fine if I hit a site on
> > http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
> >
> > As stated above, this behavior only appears in Internet Explorer (I am
> > using
> > IE8, if it matters). Firefox and Safari both persist cookies for any
> > local
> > site.
> >
> > Does anyone know why this behavior exists?
> >

Reply With Quote
  #5 (permalink)  
Old 10-23-2009
rob^_^
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localh
Hi Chris,

The short answer is no, I don't know of any documentation about why
localhost cookies would be blocked automatically on IIS7, unless you have
disabled cookies on the server (which you have already tested as not so).

What happens when you launch your site(s) from Visual Studio in debug mode?
(uses ASP.net User account) Surely that is the way to go to get a handle
what is happening.

I can't comment myself as I have my own Lab setup with a server and
Vista/7/XP clients. I am developing on Vista with IIS7 but publish to IIS6
for production. All cookie manipulation is client side.

Have you tried inspecting your cookies from the Client IE window. Type
javascript:alert(document.cookies.length);alert(do cument.cookies[0]);

Regards.

"Chris Simmons" <ChrisSimmons@discussions.microsoft.com> wrote in message
news:14317CD2-0885-4C22-8015-65654871DA6D@microsoft.com...
> Oh, and not that I expected IE and FF to actually share cookies. Just
> that I
> figured both browsers would behave the same when it came to cookies.
>
> --
> Thanks,
> Chris Simmons
>
>
> "rob^_^" wrote:
>
>> Hi Chris,
>>
>> You are asking for trouble developing on a server (they should be behind
>> locked doors with no keyboard, screen or mouse, no physical access). I
>> suppose that you have logged on as Administrator?
>>
>> Your testing scenario is unrealistic and misleading. Hop on a client
>> machine
>> and test from there.
>>
>> Probably, your IE browser does not have permissions for the user internet
>> cache. Different browsers do no share their cache.
>>
>>
>>
>> Regards.
>>
>> "Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in
>> message
>> news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
>> > I am noticing a behavior that seems unexpected. Specifically, when
>> > hitting a
>> > website that is on the local machine (127.0.0.1), IE8 is not storing
>> > the
>> > cookies from the website if the site address is not:
>> > 1. localhost
>> > 2. 127.0.0.1
>> > 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
>> >
>> > I am probably answering my own question here (I'm guessing this is some
>> > cookie security thing), but I guess I'd just like to see if this is a
>> > known
>> > issue/feature of IE. This behavior is not present in Firefox.
>> >
>> > If this is confusing, let me set up the scenario:
>> >
>> > I develop web applications on a workstation running Windows Server
>> > 2008.
>> > As
>> > I need to develop for multiple differing websites, I have corresponding
>> > local
>> > websites set up on the local IIS, differentiated by hostname. So, for
>> > example, I can have these websites all set up on my local machine:
>> >
>> > http://bob
>> > http://mary
>> > http://john
>> >
>> > I have "bob", "mary", and "john" all set up in my hosts file to point
>> > to
>> > 127.0.0.1. When I launch any of these addresses in a browser, the
>> > request
>> > will loop back to the local machine and IIS will sort out which website
>> > to
>> > launch based on the host name, "bob", "mary" or "john".
>> >
>> > By default, there is also a default website that will accept requests
>> > for
>> > "localhost", "127.0.0.1", or the full DNS name of the local machine.
>> > This
>> > can be a completely separate website or can be one of the three listed
>> > above.
>> >
>> > (My apologies if this is "Duh!" material ... I'm just setting up the
>> > scenario)
>> >
>> > OK, so when I launch any of the above sites, all works fine, EXCEPT
>> > when
>> > the
>> > site tries to set a cookie on the browser. If, for example, an
>> > application
>> > on http://bob sets a cookie, the browser will not save it and return it
>> > to
>> > the web server on subsequent requests. I have verified this in
>> > ieHTTPHeaders.
>> >
>> > However, normal cookie operation works fine if I hit a site on
>> > http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
>> >
>> > As stated above, this behavior only appears in Internet Explorer (I am
>> > using
>> > IE8, if it matters). Firefox and Safari both persist cookies for any
>> > local
>> > site.
>> >
>> > Does anyone know why this behavior exists?
>> >

Reply With Quote
  #6 (permalink)  
Old 10-23-2009
Dan
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localh

IE and FF will definitely not share cookies - they are stored in distinctly
different folders, and in different formats.

How many cookies are you setting for the site? IE has a limit of 50 per site
(prior to IE 5.01 it was 20 per site) as specified here:
http://support.microsoft.com/kb/941495

As to setting the cookies, are you defining the domain for them when setting
them in your site? IE will only store and return cookies that have the same
domain as the site setting them, and they must have at least one fullstop in
them, so for instance

Site: http://bob
Cookie domain: bob

should work, but if you do

Site: http://bob
Cookie domain: 127.0.0.1

then it won't work, because IE sees that as security risk as 127.0.0.1 does
not match the requested hostname.

Can you provide some examples of the HTTP headers from the application to
the browser to show what it's sending? It might help diagnose what the
problem is.


Dan



"Chris Simmons" <ChrisSimmons@discussions.microsoft.com> wrote in message
news:14317CD2-0885-4C22-8015-65654871DA6D@microsoft.com...
> Oh, and not that I expected IE and FF to actually share cookies. Just
> that I
> figured both browsers would behave the same when it came to cookies.
>
> --
> Thanks,
> Chris Simmons
>
>
> "rob^_^" wrote:
>
>> Hi Chris,
>>
>> You are asking for trouble developing on a server (they should be behind
>> locked doors with no keyboard, screen or mouse, no physical access). I
>> suppose that you have logged on as Administrator?
>>
>> Your testing scenario is unrealistic and misleading. Hop on a client
>> machine
>> and test from there.
>>
>> Probably, your IE browser does not have permissions for the user internet
>> cache. Different browsers do no share their cache.
>>
>>
>>
>> Regards.
>>
>> "Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in
>> message
>> news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
>> > I am noticing a behavior that seems unexpected. Specifically, when
>> > hitting a
>> > website that is on the local machine (127.0.0.1), IE8 is not storing
>> > the
>> > cookies from the website if the site address is not:
>> > 1. localhost
>> > 2. 127.0.0.1
>> > 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
>> >
>> > I am probably answering my own question here (I'm guessing this is some
>> > cookie security thing), but I guess I'd just like to see if this is a
>> > known
>> > issue/feature of IE. This behavior is not present in Firefox.
>> >
>> > If this is confusing, let me set up the scenario:
>> >
>> > I develop web applications on a workstation running Windows Server
>> > 2008.
>> > As
>> > I need to develop for multiple differing websites, I have corresponding
>> > local
>> > websites set up on the local IIS, differentiated by hostname. So, for
>> > example, I can have these websites all set up on my local machine:
>> >
>> > http://bob
>> > http://mary
>> > http://john
>> >
>> > I have "bob", "mary", and "john" all set up in my hosts file to point
>> > to
>> > 127.0.0.1. When I launch any of these addresses in a browser, the
>> > request
>> > will loop back to the local machine and IIS will sort out which website
>> > to
>> > launch based on the host name, "bob", "mary" or "john".
>> >
>> > By default, there is also a default website that will accept requests
>> > for
>> > "localhost", "127.0.0.1", or the full DNS name of the local machine.
>> > This
>> > can be a completely separate website or can be one of the three listed
>> > above.
>> >
>> > (My apologies if this is "Duh!" material ... I'm just setting up the
>> > scenario)
>> >
>> > OK, so when I launch any of the above sites, all works fine, EXCEPT
>> > when
>> > the
>> > site tries to set a cookie on the browser. If, for example, an
>> > application
>> > on http://bob sets a cookie, the browser will not save it and return it
>> > to
>> > the web server on subsequent requests. I have verified this in
>> > ieHTTPHeaders.
>> >
>> > However, normal cookie operation works fine if I hit a site on
>> > http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
>> >
>> > As stated above, this behavior only appears in Internet Explorer (I am
>> > using
>> > IE8, if it matters). Firefox and Safari both persist cookies for any
>> > local
>> > site.
>> >
>> > Does anyone know why this behavior exists?
>> >




Reply With Quote
  #7 (permalink)  
Old 10-23-2009
Dan
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localh
Oops, my reply is wrong!

IE will not store cookies if the domain part does not contain a fullstop. So
you can't store cookies for http://bob, or http://mary, or any other URL
that does not contain a fullstop other than localhost. This is a security
feature to help prevent the accidental exposure of cookie information to the
wrong servers. For instance, lets say you name an internal site "com". If IE
let you store a cookie for com, when you go to any site using com as parent
domain part (for instance, microsoft.com) that cookie would be sent along to
the remote server.

MS themselves recommend that you should always name internal servers with
hostnames that are FQDNs, such as bob.local. This also helps to mitigate
problems such as DNS failures and use of suffix handling - eg. if the DNS
automatic suffix for a machine on your network is .com, and you name a
server bob, a request to http://bob could end up requesting http://bob.com
because of the automatic suffix handling.

So to get this to work you need to stop using single words for internal site
URLs.

Dan


"Dan" <news@worldofspack.com> wrote in message
news:52F3961C-04F9-48BD-82DE-789FF337D4AE@microsoft.com...
>
> IE and FF will definitely not share cookies - they are stored in
> distinctly different folders, and in different formats.
>
> How many cookies are you setting for the site? IE has a limit of 50 per
> site (prior to IE 5.01 it was 20 per site) as specified here:
> http://support.microsoft.com/kb/941495
>
> As to setting the cookies, are you defining the domain for them when
> setting them in your site? IE will only store and return cookies that have
> the same domain as the site setting them, and they must have at least one
> fullstop in them, so for instance
>
> Site: http://bob
> Cookie domain: bob
>
> should work, but if you do
>
> Site: http://bob
> Cookie domain: 127.0.0.1
>
> then it won't work, because IE sees that as security risk as 127.0.0.1
> does not match the requested hostname.
>
> Can you provide some examples of the HTTP headers from the application to
> the browser to show what it's sending? It might help diagnose what the
> problem is.
>
>
> Dan
>
>
>
> "Chris Simmons" <ChrisSimmons@discussions.microsoft.com> wrote in message
> news:14317CD2-0885-4C22-8015-65654871DA6D@microsoft.com...
>> Oh, and not that I expected IE and FF to actually share cookies. Just
>> that I
>> figured both browsers would behave the same when it came to cookies.
>>
>> --
>> Thanks,
>> Chris Simmons
>>
>>
>> "rob^_^" wrote:
>>
>>> Hi Chris,
>>>
>>> You are asking for trouble developing on a server (they should be behind
>>> locked doors with no keyboard, screen or mouse, no physical access). I
>>> suppose that you have logged on as Administrator?
>>>
>>> Your testing scenario is unrealistic and misleading. Hop on a client
>>> machine
>>> and test from there.
>>>
>>> Probably, your IE browser does not have permissions for the user
>>> internet
>>> cache. Different browsers do no share their cache.
>>>
>>>
>>>
>>> Regards.
>>>
>>> "Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in
>>> message
>>> news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
>>> > I am noticing a behavior that seems unexpected. Specifically, when
>>> > hitting a
>>> > website that is on the local machine (127.0.0.1), IE8 is not storing
>>> > the
>>> > cookies from the website if the site address is not:
>>> > 1. localhost
>>> > 2. 127.0.0.1
>>> > 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
>>> >
>>> > I am probably answering my own question here (I'm guessing this is
>>> > some
>>> > cookie security thing), but I guess I'd just like to see if this is a
>>> > known
>>> > issue/feature of IE. This behavior is not present in Firefox.
>>> >
>>> > If this is confusing, let me set up the scenario:
>>> >
>>> > I develop web applications on a workstation running Windows Server
>>> > 2008.
>>> > As
>>> > I need to develop for multiple differing websites, I have
>>> > corresponding
>>> > local
>>> > websites set up on the local IIS, differentiated by hostname. So, for
>>> > example, I can have these websites all set up on my local machine:
>>> >
>>> > http://bob
>>> > http://mary
>>> > http://john
>>> >
>>> > I have "bob", "mary", and "john" all set up in my hosts file to point
>>> > to
>>> > 127.0.0.1. When I launch any of these addresses in a browser, the
>>> > request
>>> > will loop back to the local machine and IIS will sort out which
>>> > website to
>>> > launch based on the host name, "bob", "mary" or "john".
>>> >
>>> > By default, there is also a default website that will accept requests
>>> > for
>>> > "localhost", "127.0.0.1", or the full DNS name of the local machine.
>>> > This
>>> > can be a completely separate website or can be one of the three listed
>>> > above.
>>> >
>>> > (My apologies if this is "Duh!" material ... I'm just setting up the
>>> > scenario)
>>> >
>>> > OK, so when I launch any of the above sites, all works fine, EXCEPT
>>> > when
>>> > the
>>> > site tries to set a cookie on the browser. If, for example, an
>>> > application
>>> > on http://bob sets a cookie, the browser will not save it and return
>>> > it to
>>> > the web server on subsequent requests. I have verified this in
>>> > ieHTTPHeaders.
>>> >
>>> > However, normal cookie operation works fine if I hit a site on
>>> > http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
>>> >
>>> > As stated above, this behavior only appears in Internet Explorer (I am
>>> > using
>>> > IE8, if it matters). Firefox and Safari both persist cookies for any
>>> > local
>>> > site.
>>> >
>>> > Does anyone know why this behavior exists?
>>> >

>
>
>




Reply With Quote
  #8 (permalink)  
Old 10-23-2009
Chris Simmons
 

Posts: n/a
Re: Cookies not being sent for local addresses that are not localh
Dan:

Many thanks for the reply. Makes sense.

--
Thanks,
Chris Simmons


"Dan" wrote:

> Oops, my reply is wrong!
>
> IE will not store cookies if the domain part does not contain a fullstop. So
> you can't store cookies for http://bob, or http://mary, or any other URL
> that does not contain a fullstop other than localhost. This is a security
> feature to help prevent the accidental exposure of cookie information to the
> wrong servers. For instance, lets say you name an internal site "com". If IE
> let you store a cookie for com, when you go to any site using com as parent
> domain part (for instance, microsoft.com) that cookie would be sent along to
> the remote server.
>
> MS themselves recommend that you should always name internal servers with
> hostnames that are FQDNs, such as bob.local. This also helps to mitigate
> problems such as DNS failures and use of suffix handling - eg. if the DNS
> automatic suffix for a machine on your network is .com, and you name a
> server bob, a request to http://bob could end up requesting http://bob.com
> because of the automatic suffix handling.
>
> So to get this to work you need to stop using single words for internal site
> URLs.
>
> Dan
>
>
> "Dan" <news@worldofspack.com> wrote in message
> news:52F3961C-04F9-48BD-82DE-789FF337D4AE@microsoft.com...
> >
> > IE and FF will definitely not share cookies - they are stored in
> > distinctly different folders, and in different formats.
> >
> > How many cookies are you setting for the site? IE has a limit of 50 per
> > site (prior to IE 5.01 it was 20 per site) as specified here:
> > http://support.microsoft.com/kb/941495
> >
> > As to setting the cookies, are you defining the domain for them when
> > setting them in your site? IE will only store and return cookies that have
> > the same domain as the site setting them, and they must have at least one
> > fullstop in them, so for instance
> >
> > Site: http://bob
> > Cookie domain: bob
> >
> > should work, but if you do
> >
> > Site: http://bob
> > Cookie domain: 127.0.0.1
> >
> > then it won't work, because IE sees that as security risk as 127.0.0.1
> > does not match the requested hostname.
> >
> > Can you provide some examples of the HTTP headers from the application to
> > the browser to show what it's sending? It might help diagnose what the
> > problem is.
> >
> >
> > Dan
> >
> >
> >
> > "Chris Simmons" <ChrisSimmons@discussions.microsoft.com> wrote in message
> > news:14317CD2-0885-4C22-8015-65654871DA6D@microsoft.com...
> >> Oh, and not that I expected IE and FF to actually share cookies. Just
> >> that I
> >> figured both browsers would behave the same when it came to cookies.
> >>
> >> --
> >> Thanks,
> >> Chris Simmons
> >>
> >>
> >> "rob^_^" wrote:
> >>
> >>> Hi Chris,
> >>>
> >>> You are asking for trouble developing on a server (they should be behind
> >>> locked doors with no keyboard, screen or mouse, no physical access). I
> >>> suppose that you have logged on as Administrator?
> >>>
> >>> Your testing scenario is unrealistic and misleading. Hop on a client
> >>> machine
> >>> and test from there.
> >>>
> >>> Probably, your IE browser does not have permissions for the user
> >>> internet
> >>> cache. Different browsers do no share their cache.
> >>>
> >>>
> >>>
> >>> Regards.
> >>>
> >>> "Chris Simmons" <Chris Simmons@discussions.microsoft.com> wrote in
> >>> message
> >>> news:94DCBB32-6D71-457A-9041-A4FBAF418F07@microsoft.com...
> >>> > I am noticing a behavior that seems unexpected. Specifically, when
> >>> > hitting a
> >>> > website that is on the local machine (127.0.0.1), IE8 is not storing
> >>> > the
> >>> > cookies from the website if the site address is not:
> >>> > 1. localhost
> >>> > 2. 127.0.0.1
> >>> > 3. The full true DNS name of the machine (e.g. mymachine.mydomain.com)
> >>> >
> >>> > I am probably answering my own question here (I'm guessing this is
> >>> > some
> >>> > cookie security thing), but I guess I'd just like to see if this is a
> >>> > known
> >>> > issue/feature of IE. This behavior is not present in Firefox.
> >>> >
> >>> > If this is confusing, let me set up the scenario:
> >>> >
> >>> > I develop web applications on a workstation running Windows Server
> >>> > 2008.
> >>> > As
> >>> > I need to develop for multiple differing websites, I have
> >>> > corresponding
> >>> > local
> >>> > websites set up on the local IIS, differentiated by hostname. So, for
> >>> > example, I can have these websites all set up on my local machine:
> >>> >
> >>> > http://bob
> >>> > http://mary
> >>> > http://john
> >>> >
> >>> > I have "bob", "mary", and "john" all set up in my hosts file to point
> >>> > to
> >>> > 127.0.0.1. When I launch any of these addresses in a browser, the
> >>> > request
> >>> > will loop back to the local machine and IIS will sort out which
> >>> > website to
> >>> > launch based on the host name, "bob", "mary" or "john".
> >>> >
> >>> > By default, there is also a default website that will accept requests
> >>> > for
> >>> > "localhost", "127.0.0.1", or the full DNS name of the local machine.
> >>> > This
> >>> > can be a completely separate website or can be one of the three listed
> >>> > above.
> >>> >
> >>> > (My apologies if this is "Duh!" material ... I'm just setting up the
> >>> > scenario)
> >>> >
> >>> > OK, so when I launch any of the above sites, all works fine, EXCEPT
> >>> > when
> >>> > the
> >>> > site tries to set a cookie on the browser. If, for example, an
> >>> > application
> >>> > on http://bob sets a cookie, the browser will not save it and return
> >>> > it to
> >>> > the web server on subsequent requests. I have verified this in
> >>> > ieHTTPHeaders.
> >>> >
> >>> > However, normal cookie operation works fine if I hit a site on
> >>> > http://localhost or http://127.0.0.1 or http://mymachine.mydomain.com
> >>> >
> >>> > As stated above, this behavior only appears in Internet Explorer (I am
> >>> > using
> >>> > IE8, if it matters). Firefox and Safari both persist cookies for any
> >>> > local
> >>> > site.
> >>> >
> >>> > Does anyone know why this behavior exists?
> >>> >

> >
> >
> >

>
>
>

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Internet Explorer is going through proxy for local addresses Ho-Yan Shum microsoft.public.internetexplorer.general 0 07-27-2009 02:31
Browser & Flash cookies. UserData caching. Now DOM local storage? VanguardLH microsoft.public.internetexplorer.general 0 03-22-2009 18:45
Re: Cookies blocked. Must accept all cookies to Sign In Joe microsoft.public.internetexplorer.general 1 01-07-2009 22:43
IIS 7.0 and Vista Business - Blank Pages for all localhost addresses bilal.akram@gmail.com microsoft.public.windows.vista.general 2 04-17-2008 14:11
IIS 7.0 and Vista Business - Blank Pages for all localhost addresses bilal.akram@gmail.com microsoft.public.windows.vista.installation setup 0 04-16-2008 12:20




All times are GMT +1. The time now is 13:53.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120