Share this question

Welcome to Teachnovice Q&A, where you can ask questions and receive answers from other members of the community.

This is a collaboratively edited question and answer site for computer enthusiasts and power users. It's 100% free, no registration required.

Internet Explorer ignores cookies on some domains (cannot read or set cookies)

0 like 0 dislike
4,098 views

I have a site, e.g. example.com, where users can set their own subdomains (one user - one subdomain) and upload their own scripts, e.g. http://somedomain.example.com/xyzzy.php would map to /www/somedomain/xyzzy.php

Now, on some of those domains, Internet Explorer 7 won't/can't accept cookies. Checked with Fiddler: the server sends Set-Cookie response correctly, yet the cookie never shows up in IE - for JS or Developer Tools. On request, IE7 doesn't send the Cookie header either.

The cookies are set for the user's domain (e.g. somedomain.example.com), path is /, tried different expiration options (past, future, current, "0"), are not HttpOnly, are not secure.

FF, Opera, Safari and Chrome all work without problems.

Why does IE ignore the cookies?

asked May 10, 2013 by anonymous  

2 Answers

0 like 0 dislike
 
Best answer

According to RFC1035 (Domain names - implementation and specification):

[domain names] must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen.

Turns out some of the domains had an underscore ( "_" ) in them: some_domain.example.com. Although this is a violation of the RFC, all other browsers work normally.

MSIE 7, on a domain with an underscore, silently drops all cookies for that host and refuses to accept new ones.

The only solution is to use RFC-compliant domains (I've replaced all the "_"s with "-"s and set up a RewriteRule so that traffic is redirected to the compliant domains).

answered May 10, 2013 by anonymous  
Could you post the rewrite rule? It looks as though I will be doing something similar this week...
Can't post the exact thing (I no longer have access to that code), but will try to re-create it.
I actually found a much neater solution using RewriteMaps. I made a shell script that basically just contains sed -u 's/_/-/g' and then created a map with RewriteMap sedmap prg:/path/to/script and used that in my rewrite.
Hmm... I have another application where IE refuses to accept any cookies that use a domain. As soon as a domain is applied IE (9 and 7 checked) both refuse to accept the cookie and silently fail.
0 like 0 dislike
Thanks for these posts! They helped me halfway to a solution...

One contribution from me: The problem doesn't only apply for underscores in domain names, but also for domain names starting with a numeric digit. So 1aaaaaaa.tld is actually a non-standard domain name, which will cause IE to reject the cookie.

I solved it by using only www2.1aaaaaaa.tld, and then adding rewrite rules for the 1aaaaaaa.tld and www.1aaaaaaa.tld hosts in .htaccess. Don't know if that really qualifies as a standards-compliant solution.... but anyway, it seems to have solved the cookie problem.

Hope that helps someone!

Tomas Ullberg
answered May 10, 2013 by anonymous  
...