What could cause Session Cookies to disappear mid-session?

Question

I have a web application which uses a session cookie to keep users logged on. When they log on, the system generates a GUID which it associates with the User record in the database. The GUID which is then stored in a cookie so it can be then read on each page load and checked against the database entry.

The code to set the cookie is quite simple.

Response.Cookies("UserSession")("ID") = vsSessionCookie
Response.Cookies("UserSession").path = "/"

Despite the system being in use for years, a new client has started complaining of errors occurring. As we log information about errors when they occur, including the cookies, I saw that the session cookies were simply not present anymore. A look at the code did show that if the session cookies go walkabout, the application errors.

Note that persistent cookies used by the application, which have an expiry date set, do remain.

I know it should handle this more gracefully, but the issue I am puzzled about is what could cause the the session cookies to disappear. This is not a case of the user being inactive for a certain period of time, because they claim it happens randomly when they use the system. Unfortunately they aren't more specific but in one case I discover it happened after they ran a report in the system. This report is displayed in a new browser window (opened in JavaScript using Window.Open) so it looks like closing this window kills the session cookies in the original window.

The system (sadly) only works in IE only but I can't find any setting which would cause this behaviour, and it works happily for many other clients.

Is there a setting somewhere that could result in this behaviour? Why should it work for some clients, but not the others?

Maybe it is not related to closing windows, and some other process is clearing down the session cookies mid-session, but what?

So many questions.... sorry, but if anyone has any experience of the situation, it would help alot!

For Information, the web system is written in ASP.Net. There is also a system written in classic ASP that suffers the same for the client, so I do not believe the web system itself is at fault.

Answer 1

Are all clients using the same version of IE? I've also seen on Windows anti-virus software clearing cookies.

Answer 2

I have found this article on the Microsoft Knowledge base which may be relevant

KB935778

I haven't had the chance to try this out yet though.

Answer 3

i have faced such problems, ever since IE6 till now IE8. problem seems to be when you start IE (what is the first page) if its a local page (e.g file://c:\a.htm) and then from there u go to the actual website, (it will still be ok) then in your website, it opens a pop up, and then when you close the pop up (that is when the session cookie get destroyed, cos after that all data in cookie is gone and i get logged out. So my solution was to (start > run > 'iexplore http://www.mywebapp-site.com')

but i also faced problem where some data set in cookie is not set, still no idea.. why..