Hello,

Having an issue with ASP.NET, when trying to set a cookie on subdomain1.mydomain.com to be read by subdomain2.mydomain.com.

"subdomain1" is an ASP.NET application running on IIS 6. "subdomain2" is an ASP Classic application running on IIS 6.

What I don't understand is that when I test my .NET page (below) in Firefox, it works. If I test it under IE8, no cookie seems to get stored/passed to subdomain2. I've tried many variations on the code below, to no avail (including adding an expiry date/time):

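' Token passed to subdomain2 in the query string
Dim k As Guid = Guid.NewGuid
Dim c As New HttpCookie("Interstitial")

With c
    .Values("a") = 1
    .Values("b") = 2
    .Values("c") = 3
    .Values("d") = 4
    ' Scope the cookie to the parent domain so sibling subdomains can read it
    .Domain = ".mydomain.com"
End With

Response.AppendCookie(c) 'Have also used Response.Cookies.Add(c)

Dim url As String = String.Format("https://subdomain2.mydomain.com/?d={0}", k.ToString)

' The cookie is sent as a Set-Cookie header on this 302 response
Response.Redirect(url)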

Other information that may be relevant:

  • The code above is executed in response to a postback (button click)
  • Under IE8, the response.redirect() seems to cause the browser request to never finish

Any tips/ideas would be greatly appreciated.

Thanks

+1  A: 

Have you tried running the page through Fiddler? This is a brilliant tool as it shows all the HTTP activity for a request.

I've previously had problems where there are strange browser issues which end up being quite esoteric, like network config. Fiddler is great at lifting the lid on such problems.

Keith Bloom
Hi, I have actually - in IE, I get a response code 302 'Moved Temporarily' (which is the Response.Redirect, I believe) ... and then nothing.
Richard
You can route Firefox through Fiddler as well, or use the Firefox plug-in LiveHttpHeader, which does a similar job. Looking at your code, have you tried removing the Response.Redirect to see if the cookie is then set?
Keith Bloom
You could also try Response.Redirect(url, true) which specifies that the response has ended.
Keith Bloom
@Richard: The 302 Moved Temporarily will have a Set-Cookie header; however, the subsequent request that follows the Location header will not include that cookie in the request. This I believe is by design.
AnthonyWJones
A: 

I believe this is by design (a buggy design perhaps). WinINET deliberately chooses not to forward cookies set in a redirect response in the subsequent request if the request is not in the same domain.

Don't quote me but I believe this is a result of a security patch for a bug which found WinINET forwarding any cookie in Set-Cookie headers of a redirect response to the location of the redirect even if the destination was not in the same domain.

My suspicion is that the bug fix for this is more draconian than it needed to be.

AnthonyWJones
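
An added example, not part of the original thread: a check of whether a cookie seen on a captured 302 response (for instance in Fiddler) is in scope for the redirect target under the RFC 6265 domain-matching rules. It models a standards-following user agent, not WinINET; the header values are constructed from the question's code, the GUID is a placeholder, and public-suffix checks are omitted.

```python
from urllib.parse import urlsplit

def domain_match(host, cookie_domain):
    """RFC 6265 5.1.3: identical, or host ends with '.' + cookie_domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    return host == cookie_domain or host.endswith("." + cookie_domain)

def parse_set_cookie(header_value, origin_host):
    """Parse one Set-Cookie value into its name, domain scope and flags."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name, "value": value, "domain": origin_host.lower(),
              "host_only": True, "secure": False, "path": "/"}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain" and val:
            cookie["domain"] = val.lstrip(".").lower()  # leading dot is ignored
            cookie["host_only"] = False
        elif key == "secure":
            cookie["secure"] = True
        elif key == "path" and val.startswith("/"):
            cookie["path"] = val
    # A server may only set a cookie for a domain that its own host matches.
    cookie["accepted"] = domain_match(origin_host, cookie["domain"])
    return cookie

def sent_on_redirect(cookie, location):
    """Would an RFC 6265 user agent attach this cookie to the Location request?"""
    target = urlsplit(location)
    host = (target.hostname or "").lower()
    if not cookie["accepted"]:
        return False
    if cookie["host_only"]:
        host_ok = host == cookie["domain"]
    else:
        host_ok = domain_match(host, cookie["domain"])
    path = target.path or "/"
    prefix = cookie["path"].rstrip("/") + "/"
    path_ok = path == cookie["path"] or path.startswith(prefix)
    secure_ok = target.scheme == "https" or not cookie["secure"]
    return host_ok and path_ok and secure_ok

# Constructed sample: the 302 the question's code would produce.
ORIGIN = "subdomain1.mydomain.com"
LOCATION = "https://subdomain2.mydomain.com/?d=00000000-0000-0000-0000-000000000000"
SHARED = parse_set_cookie("Interstitial=a=1&b=2&c=3&d=4; domain=.mydomain.com; path=/", ORIGIN)
HOST_ONLY = parse_set_cookie("Interstitial=a=1&b=2&c=3&d=4; path=/", ORIGIN)
```

If `sent_on_redirect` returns True for a captured response but the cookie is absent from the follow-up request in the trace, the cookie's scope is not the cause and the client's handling of the redirect is where to look.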