I'm having a strange problem with cookies which are being sent and received properly but are inaccessible to JavaScript on Internet Explorer. Chrome, Firefox, Opera, and Safari JavaScript is fine.
Post to "http://wp.abc.example.com/content/sv2.cgi?id=1234", response sets cookies, issues 302 redirect:
HTTP/1.0 302 Moved Temporarily
Location: http://members.abc.example.com/abc/members/0912/07/news01.html
Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
Set-Cookie: LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
Browser requests target page, including the cookies just sent.
GET /abc/members/0912/07/news01.html HTTP/1.1
Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; LEADENDDATE=20091218;
Host: members.abc.example.com
Run "javascript:alert(document.cookie);" in the browser address bar.
On IE, and IE only, the cookies aren't there. Other browsers are fine. This is true for IE6, 7, and 8.
So in summary,
The "wp.abc.example.com" sets a cookie on "abc.example.com", which is sent to the server in requests on "members.abc.example.com", but not visible to JavaScript on that page.
Why?
I thought maybe instead of "abc.example.com" the cookie should be set on ".abc.example.com" to allow subdomain matching, but even so it's being sent in the "members.abc.example.com" request header.
Basically it's acting as though "HttpOnly" is set on the cookie, even though from the Set-Cookie header example shown above, that flag is not included. Does the extra ";" maybe have some effect?
Eric Law wrote up a good article on IE's various cookie-handling quirks a while back. One of the questions he answers appears as though it may apply to your scenario:
Q8: Are there any limits to the HTML DOM document.cookie property?
A: [...]
Also, due to an obscure bug in the underlying WinINET InternetGetCookie implementation, IE’s document.cookie will not return a cookie if it was set with a path attribute containing a filename.
[...]
Note that your paths do include filenames:
Set-Cookie: AID=1495763b4fc6d5f4290e2074ab1092f7; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
Set-Cookie: LEADENDDATE=20091218; expires=Tue Feb 16 09:33:03 2010 GMT; path=/abc/members/0912/07/news01.html; domain=abc.example.com; ;
I suggest you try setting the cookies with filename-free paths, and see if that doesn't help...
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With