Wednesday, November 25, 2009

Internet Explorer 8 broke my cookies!

Fairly recently, I discovered that svidgen.com does not properly manage sessions with IE8.  Is seems as though the general session cookie (svession) is being set and maintained correctly in all browsers, including IE8.  However, my "subsession" authentication token (atoken) headers are not being respected by IE8 in all cases, causing signin to last for only a single page view.

After spending some time Googling around, it seems as though some other folks are having similar issues.  And, from what I can tell, this may have something to do with "enhanced" security on cookie handling in IE, which requires cookies to have the domain explicitly named--though I have yet to find any Microsoft-published documentation to confirm this.  In fact, I have yet to see any Microsoft-published documentation on cookie-handling in IE8 at all.

Can anyone point me in the direction of this documentation?  I can't find any cookie information on the IE8 Readiness Toolkit for Developers.  But the information regarding changes in cookie handling must certainly exist somewhere ... mustn't it?

In any case, I'm working to resolve the signin issue as soon as possible.  If you have any information that might help me resolve the issue more quickly, it would be greatly appreciated.  And of course, once the issue is resolved, I will post again with any information that may help other developers who are experiencing IE8 cookie issues.

1 comment: