Cookies in IE8

Discussion in 'ASP .Net Security' started by MCM, Sep 14, 2009.

  1. MCM

    MCM Guest

    I have a web app that uses a persistent cookie to store login info. It was
    working perfectly in IE7 and still works in all other browsers, but no longer
    works IE8. What are the new rules for cookies in IE8 so I can adjust it?
    MCM, Sep 14, 2009
    #1
    1. Advertising

  2. Hello,

    In IE8, the security bar is promoted. We have to set the domain name in
    cookie.
    In IE7 and previous version, you can ignore the domain setting. But in IE8,
    we need to specific the domain in cookie. So please append the domain
    information in each cookie body.

    ps:
    If you used IE8 beta version, please update it.



    Sincerely,

    Vince Xu

    Microsoft Online Support


    ==================================================
    Get notification to my posts through email? Please refer to
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

    MSDN Managed Newsgroup support offering is for non-urgent issues where an
    initial response from the community or a Microsoft Support Engineer within
    2 business day is acceptable. Please note that each follow up response may
    take approximately 2 business days as the support professional working with
    you may need further investigation to reach the most efficient resolution.
    The offering is not appropriate for situations that require urgent,
    real-time or phone-based interactions. Issues of this nature are best
    handled working with a dedicated Microsoft Support Engineer by contacting
    Microsoft Customer Support Services (CSS) at
    http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    ==================================================
    Vince Xu [MSFT], Sep 15, 2009
    #2
    1. Advertising

  3. MCM

    MCM Guest

    I think I got it worked out here. Something else in my code may have been
    causing an issue. But can you confirm these settings for me:


    <authentication mode="Forms">
    <forms name=".COMPANYASPXAUTH"
    domain="company.com"
    cookieless="UseCookies"
    timeout="43200"
    defaultUrl="Home.aspx"
    loginUrl="Login.aspx" />
    </authentication>



    "Vince Xu [MSFT]" wrote:

    > Hello,
    >
    > In IE8, the security bar is promoted. We have to set the domain name in
    > cookie.
    > In IE7 and previous version, you can ignore the domain setting. But in IE8,
    > we need to specific the domain in cookie. So please append the domain
    > information in each cookie body.
    >
    > ps:
    > If you used IE8 beta version, please update it.
    >
    >
    >
    > Sincerely,
    >
    > Vince Xu
    >
    > Microsoft Online Support
    >
    >
    > ==================================================
    > Get notification to my posts through email? Please refer to
    > http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    >
    > MSDN Managed Newsgroup support offering is for non-urgent issues where an
    > initial response from the community or a Microsoft Support Engineer within
    > 2 business day is acceptable. Please note that each follow up response may
    > take approximately 2 business days as the support professional working with
    > you may need further investigation to reach the most efficient resolution.
    > The offering is not appropriate for situations that require urgent,
    > real-time or phone-based interactions. Issues of this nature are best
    > handled working with a dedicated Microsoft Support Engineer by contacting
    > Microsoft Customer Support Services (CSS) at
    > http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    > ==================================================
    >
    >
    >
    MCM, Sep 15, 2009
    #3
  4. Hello,

    I think it's fine. Could you please post your code to operate cookie if it
    work either?

    --
    Regards,
    Vince
    Microsoft Online Support

    --------------------
    | Thread-Topic: Cookies in IE8
    | thread-index: Aco2I3NEmMZI6VH3RZ+FBNiT+ozvXw==
    | X-WBNR-Posting-Host: 216.80.121.82
    | From: =?Utf-8?B?TUNN?= <>
    | References: <>
    <>
    | Subject: RE: Cookies in IE8
    | Date: Tue, 15 Sep 2009 09:42:01 -0700
    | Lines: 55
    | Message-ID: <>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="Utf-8"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | Content-Class: urn:content-classes:message
    | Importance: normal
    | Priority: normal
    | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | Path: TK2MSFTNGHUB02.phx.gbl
    | Xref: TK2MSFTNGHUB02.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:3141
    | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    |
    | I think I got it worked out here. Something else in my code may have been
    | causing an issue. But can you confirm these settings for me:
    |
    |
    | <authentication mode="Forms">
    | <forms name=".COMPANYASPXAUTH"
    | domain="company.com"
    | cookieless="UseCookies"
    | timeout="43200"
    | defaultUrl="Home.aspx"
    | loginUrl="Login.aspx" />
    | </authentication>
    |
    |
    |
    | "Vince Xu [MSFT]" wrote:
    |
    | > Hello,
    | >
    | > In IE8, the security bar is promoted. We have to set the domain name in
    | > cookie.
    | > In IE7 and previous version, you can ignore the domain setting. But in
    IE8,
    | > we need to specific the domain in cookie. So please append the domain
    | > information in each cookie body.
    | >
    | > ps:
    | > If you used IE8 beta version, please update it.
    | >
    | >
    | >
    | > Sincerely,
    | >
    | > Vince Xu
    | >
    | > Microsoft Online Support
    | >
    | >
    | > ==================================================
    | > Get notification to my posts through email? Please refer to
    | >
    http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    | >
    | > MSDN Managed Newsgroup support offering is for non-urgent issues where
    an
    | > initial response from the community or a Microsoft Support Engineer
    within
    | > 2 business day is acceptable. Please note that each follow up response
    may
    | > take approximately 2 business days as the support professional working
    with
    | > you may need further investigation to reach the most efficient
    resolution.
    | > The offering is not appropriate for situations that require urgent,
    | > real-time or phone-based interactions. Issues of this nature are best
    | > handled working with a dedicated Microsoft Support Engineer by
    contacting
    | > Microsoft Customer Support Services (CSS) at
    | > http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    | > ==================================================
    | >
    | >
    | >
    |
    Vince Xu [MSFT], Sep 17, 2009
    #4
  5. MCM

    MCM Guest

    Can I e-mail it to you instead?

    "Vince Xu [MSFT]" wrote:

    > Hello,
    >
    > I think it's fine. Could you please post your code to operate cookie if it
    > work either?
    >
    > --
    > Regards,
    > Vince
    > Microsoft Online Support
    >
    > --------------------
    > | Thread-Topic: Cookies in IE8
    > | thread-index: Aco2I3NEmMZI6VH3RZ+FBNiT+ozvXw==
    > | X-WBNR-Posting-Host: 216.80.121.82
    > | From: =?Utf-8?B?TUNN?= <>
    > | References: <>
    > <>
    > | Subject: RE: Cookies in IE8
    > | Date: Tue, 15 Sep 2009 09:42:01 -0700
    > | Lines: 55
    > | Message-ID: <>
    > | MIME-Version: 1.0
    > | Content-Type: text/plain;
    > | charset="Utf-8"
    > | Content-Transfer-Encoding: 7bit
    > | X-Newsreader: Microsoft CDO for Windows 2000
    > | Content-Class: urn:content-classes:message
    > | Importance: normal
    > | Priority: normal
    > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
    > | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    > | Path: TK2MSFTNGHUB02.phx.gbl
    > | Xref: TK2MSFTNGHUB02.phx.gbl
    > microsoft.public.dotnet.framework.aspnet.security:3141
    > | NNTP-Posting-Host: tk2msftibfm01.phx.gbl 10.40.244.149
    > | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    > |
    > | I think I got it worked out here. Something else in my code may have been
    > | causing an issue. But can you confirm these settings for me:
    > |
    > |
    > | <authentication mode="Forms">
    > | <forms name=".COMPANYASPXAUTH"
    > | domain="company.com"
    > | cookieless="UseCookies"
    > | timeout="43200"
    > | defaultUrl="Home.aspx"
    > | loginUrl="Login.aspx" />
    > | </authentication>
    > |
    > |
    > |
    > | "Vince Xu [MSFT]" wrote:
    > |
    > | > Hello,
    > | >
    > | > In IE8, the security bar is promoted. We have to set the domain name in
    > | > cookie.
    > | > In IE7 and previous version, you can ignore the domain setting. But in
    > IE8,
    > | > we need to specific the domain in cookie. So please append the domain
    > | > information in each cookie body.
    > | >
    > | > ps:
    > | > If you used IE8 beta version, please update it.
    > | >
    > | >
    > | >
    > | > Sincerely,
    > | >
    > | > Vince Xu
    > | >
    > | > Microsoft Online Support
    > | >
    > | >
    > | > ==================================================
    > | > Get notification to my posts through email? Please refer to
    > | >
    > http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
    > | >
    > | > MSDN Managed Newsgroup support offering is for non-urgent issues where
    > an
    > | > initial response from the community or a Microsoft Support Engineer
    > within
    > | > 2 business day is acceptable. Please note that each follow up response
    > may
    > | > take approximately 2 business days as the support professional working
    > with
    > | > you may need further investigation to reach the most efficient
    > resolution.
    > | > The offering is not appropriate for situations that require urgent,
    > | > real-time or phone-based interactions. Issues of this nature are best
    > | > handled working with a dedicated Microsoft Support Engineer by
    > contacting
    > | > Microsoft Customer Support Services (CSS) at
    > | > http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
    > | > ==================================================
    > | >
    > | >
    > | >
    > |
    >
    >
    MCM, Sep 17, 2009
    #5
  6. Sure, my email address is

    Regards,
    Vince
    Microsoft Online Support
    Vince Xu [MSFT], Sep 18, 2009
    #6
  7. MCM

    MCM Guest

    I e-mail you the code to look at.

    The problem is still occuring. It is weird. I can't reproduce it
    intentionally. At varying times, the cookie just goes away.


    "Vince Xu [MSFT]" wrote:

    > Sure, my email address is
    >
    > Regards,
    > Vince
    > Microsoft Online Support
    >
    >
    MCM, Sep 18, 2009
    #7
  8. Hello,

    Your config is correct. I tried your code sent to me, but I can't reproduct
    this issue in my site.
    What OS you used? Maybe some plugin generates the conflict with IE8 to
    store cookie.
    You can access it in another computer with IE8 to see if you encounter the
    same issue.

    --
    Regards,
    Vince,
    Microsoft Online Support

    --------------------
    | I e-mail you the code to look at.
    |
    | The problem is still occuring. It is weird. I can't reproduce it
    | intentionally. At varying times, the cookie just goes away.
    |
    |
    | "Vince Xu [MSFT]" wrote:
    |
    | > Sure, my email address is
    | >
    | > Regards,
    | > Vince
    | > Microsoft Online Support
    | >
    | >
    |
    Vince Xu [MSFT], Sep 21, 2009
    #8
  9. MCM

    MCM Guest

    Windows 7.

    Also, this is not an easily reproducible issue. I can't figure out when the
    cookie disappears. It *seems* random.


    "Vince Xu [MSFT]" wrote:

    > Hello,
    >
    > Your config is correct. I tried your code sent to me, but I can't reproduct
    > this issue in my site.
    > What OS you used? Maybe some plugin generates the conflict with IE8 to
    > store cookie.
    > You can access it in another computer with IE8 to see if you encounter the
    > same issue.
    >
    > --
    > Regards,
    > Vince,
    > Microsoft Online Support
    >
    > --------------------
    > | I e-mail you the code to look at.
    > |
    > | The problem is still occuring. It is weird. I can't reproduce it
    > | intentionally. At varying times, the cookie just goes away.
    > |
    > |
    > | "Vince Xu [MSFT]" wrote:
    > |
    > | > Sure, my email address is
    > | >
    > | > Regards,
    > | > Vince
    > | > Microsoft Online Support
    > | >
    > | >
    > |
    >
    >
    MCM, Sep 21, 2009
    #9
  10. Hello,

    Could you please use another machine with IE8(but not win7) to try that? I
    guess it's the problem of IE8 in Win7.

    If my guess is correct, please do the following steps on IE8:

    Internet option -> Security -> Custom Level -> Include local directory path
    when uploading files to a server -> enable
    Internet option -> Privacy -> Advenced -> enable "Override automatic cookie
    handling"

    It's not for development. But you can try if it is recovered after we make
    sure it's the problem of IE8 in Win7.

    --
    Regards,
    Vince
    Microsoft Online Support
    Vince Xu [MSFT], Sep 22, 2009
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alex Nitulescu

    Response.Cookies vs Request.Cookies

    Alex Nitulescu, Feb 3, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    8,452
    Hans Kesting
    Feb 3, 2005
  2. Andy Fish
    Replies:
    3
    Views:
    6,501
    Fredrik Lindner
    Nov 6, 2003
  3. user
    Replies:
    3
    Views:
    647
    =?ISO-8859-1?Q?G=F6ran_Andersson?=
    Mar 31, 2007
  4. _Who
    Replies:
    7
    Views:
    2,630
  5. cecile

    ie8!=ie8

    cecile, May 24, 2010, in forum: Javascript
    Replies:
    2
    Views:
    175
    David Mark
    May 24, 2010
Loading...

Share This Page