I'm having a strange problem with cookies which are being sent and received properly but are inaccessible to JavaScript on Internet Explorer. Chrome, Firefox, Opera, and Safari JavaScript is fine.
Post to "http://wp.abc.example.com/content/sv2.cgi?id=1234", response sets cookies, issues 302 redirect:
HTTP/1.0 302 Moved Temporarily Location: http://members.abc.example.com/abc/members/0912/07/news01.html Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ; Set-Cookie: LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;Browser requests target page, including the cookies just sent.
GET /abc/members/0912/07/news01.html HTTP/1.1 Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; LEADENDDATE=20091218; Host: members.abc.example.comRun "javascript:alert(document.cookie);" in the browser address bar.
On IE, and IE only, the cookies aren't there. Other browsers are fine. This is true for IE6, 7, and 8.
So in summary,
The "wp.abc.example.com" sets a cookie on "abc.example.com", which is sent to the server in requests on "members.abc.example.com", but not visible to JavaScript on that page.
Why?
I thought maybe instead of "abc.example.com" the cookie should be set on ".abc.example.com" to allow subdomain matching, but even so it's being sent in the "members.abc.example.com" request header.
Basically it's acting as though "HttpOnly" is set on the cookie, even though from the Set-Cookie header example shown above, that flag is not included. Does the extra ";" maybe have some effect?