Internet Explorer ignores cookies on some domains (cannot read or set cookies)

views:

2015

answers:

+7 Q:

Internet Explorer ignores cookies on some domains (cannot read or set cookies)

I have a site, e.g. example.com, where users can set their own subdomains (one user - one subdomain) and upload their own scripts, e.g. http://somedomain.example.com/xyzzy.php would map to /www/somedomain/xyzzy.php

Now, on some of those domains, Internet Explorer 7 won't/can't accept cookies. Checked with Fiddler: the server sends Set-Cookie response correctly, yet the cookie never shows up in IE - for JS or Developer Tools. On request, IE7 doesn't send the Cookie header either.

The cookies are set for the user's domain (e.g. somedomain.example.com), path is /, tried different expiration options (past, future, current, "0"), are not HttpOnly, are not secure.

FF, Opera, Safari and Chrome all work without problems.

Why does IE ignore the cookies?

+10 A:

Does one of the subdomains use an underscore ? IE has problems accepting cookies from subdomain's that dont follow the URI RFC. (http://www.ietf.org/rfc/rfc2396.txt)

u07ch 2009-04-27 16:29:06

+9 A:

According to RFC1035 (Domain names - implementation and specification):

[domain names] must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen.

Turns out some of the domains had an underscore ( "_" ) in them: some_domain.example.com. Although this is a violation of the RFC, all other browsers work normally.

MSIE 7, on a domain with an underscore, silently drops all cookies for that host and refuses to accept new ones.

The only solution is to use RFC-compliant domains (I've replaced all the "_"s with "-"s and set up a RewriteRule so that traffic is redirected to the compliant domains).

Piskvor 2009-04-27 16:29:54

+2 A:

Hi!

Thanks for these posts! They helped me halfway to a solution...

One contribution from me: The problem doesn't only apply for underscores in domain names, but also for domain names starting with a numeric digit. So 1aaaaaaa.tld is actually a non-standard domain name, which will cause IE to reject the cookie.

I solved it by using only www2.1aaaaaaa.tld, and then adding rewrite rules for the 1aaaaaaa.tld and www.1aaaaaaa.tld hosts in .htaccess. Don't know if that really qualifies as a standards-compliant solution.... but anyway, it seems to have solved the cookie problem.

Hope that helps someone!

Tomas Ullberg

Tomas Ullberg 2010-01-25 11:13:26

This post solved my issue too! For which I had wasted weeks trying to figure out!!

Why does IIS even allow you to add bindings that don't comply to the URI RCF???

Thankyou very very very much!!!

Matt 2010-07-19 10:48:33

This is not only IIS; Apache will happily serve underscored_domain.example.com for you as well. Not sure why.

Piskvor 2010-07-19 11:11:18

Thanx!!! This post made me very very happy!

spivvi 2010-08-27 19:49:27

Yours isn't an answer to the question, it's a comment. Please post comments as comments. Thank you.

Piskvor 2010-08-27 21:57:30

ansaurus

tags:

views:

answers:

Internet Explorer ignores cookies on some domains (cannot read or set cookies)

related questions