I have an app that needs to open a new window (in the same domain) so the user can view a report, but on some browsers* the new window doesn't share the non-persistent cookie of the original window, which causes the user to have to sign in again. Is there anything I can do to stop the user having to sign in again in the new window?
*In fact, in IE7 it is sporadic - sometimes new windows share cookies, sometimes not.
They should share cookies. That has been my experience in the past. I'll edit once I've had a play.
I thought IE7 shared non-persistent cookies with tabs in the same window, as well as windows that were generated from the current window (whether or not this is the same for manual opens like File->New, or programmatic script opens, I'm not sure), but that fresh instances did not.
Firefox shares them across all windows, regardless of how they were opened. I've always assumed that this is just the way it is, and you'd have to use persistent cookies, cookie-less sessions, or develop a single sign-on/ticketing mechanism to work around it.
I'm using ASP.NET and relying on the behaviour of sessions being shared across browser windows and it's working for me. In fact, I'm even using it for the same reason as you to show a report in the new window :)
Could it be related to how you are opening the window, e.g. - JavaScript vs. target tag?
IE7 does seem to generate new processes with a different algorithm than IE6, and can cause issues with session cookies.
The most reliable solution is probably going to be to architect around it - either with cookieless sessions, a persistent cookie, or just serializing the data you need in the page.