Does IE8 have a problem determining what protected mode state the resultant site should be in when following redirects?
We are seeing this situation when using IE8 on Windows 7 in an enterprise environment.
Note:
Server A is a secure site and is listed in the user's trusted sites list.
Server B is also a secure site but is not listed in the user's trusted sites list.
At the end of each step I have indicated whether IE is in protected mode (PM).
- The user loads a form on Server A and submits it. PM is Off
- Server A processes the submission and returns a redirect to Server B. PM is Off
- Server B then redirects to an alternate URL on its own domain and sets a cookie, delivering a page to the user. PM is Off
- User clicks a link to continue the transaction and Server B attempts to read the cookie. PM turns ON
- IE8 does not send the cookie to Server B because it was set in a different protected mode.
From what I can understand, transactions commencing with Server B should immediately put the browser into Protected Mode. However, it appears that IE8 is not correctly identifying the initial mode for Server B - perhaps because of the redirects?
Looking at the cookies in IE8's developer tools I noticed they are registered against .COM.AU rather than the more specific complete domain for Server B.
I don't have permission to install Fiddler on the machine, so I have used Firefox to determine what transactions took place.
Matt