Internet Explorer ignoring my cookies

Question

I am having a strange problem with Internet Explorer not accepting my cookies. This is the cookie:

set-cookie: USUSERNAME=LrceSVu6mUJ9Ztmvp4oKSQ%3D%3D; version="1"; expires=Mon, 15-Jun-2009 11:42:21 GMT; path=/; domain=.us.is

It does not get stored for the domain dev-intranet.us.is or any other us.is domain. However setting the domain of the cookie to my dev machines ip address works perfectly:

set-cookie: USUSERNAME=LrceSVu6mUJ9Ztmvp4oKSQ%3D%3D; version="1"; expires=Mon, 15-Jun-2009 08:41:58 GMT; path=/; domain=192.168.34.104

Everything works as expecten in Firefox, Opera, Safari and Chrome but not IE7

Any ideas whats going on here?

Btw. using WebObjects WOCookie to create the cookie.

Are you connecting to the dev server by IP address, or by host name? — Rowland Shaw, May 15 '09 at 10:12

score 9 · Accepted Answer · answered Jun 23 '09 at 14:44

9

The cookie in your example is for the "us.is" domain. IE ignores cookies set for two-letter domains. To be more exact, it seems to ignore cookies from domains with less than 5 characters (like yours: 2+2).

I remember this bug/feature from IE6 I believe, possibly earlier versions. Reading this, it looks like the behavior is still around in IE7.

An MSKB article suggesting an unpractical workaround can be found here: http://support.microsoft.com/kb/310676.

More practical is perhaps to get a longer domain name ;-) or to make sure users are always redirected to one canonical name, i.e. "www.us.is" and plant your cookies there.

answered Jun 23 '09 at 14:44

conny

9,973
6
38
47

I assumed that there would be a question about IE and two-letter domains on S.O. already, but in that case I wasn't able to find it. – conny Jun 23 '09 at 14:45
Yes this is because of the IE bug .. very good :) And the workaround suggested by MS does not work. We solved this be setting Firefox as a default browser .. luckily our applications are for inhouse use :) – Atli Páll Hafsteinsson Jul 15 '09 at 11:08

ebynum · Answer 2 · 2011-09-06T04:45:24.753

Some additional edge cases / details (tests done in IE8 using the Per Site Privacy Actions [Internet Options > Privacy > Sites] ):

The following domains are REJECTED:

  a.a
 aa.a
  a.aa
 aa.aa

with the error message:

You have entered an invalid domain. Domains must be in the Internet zone
and must use the HTTP or HTTPS protocol. URLs beginning with xn-- must
be valid IDN names.

Examples of valid domains:

  - www.treyresearch.net
  - http://treyresearch.net
  - fineartschool.net

The following domains are ACCEPTED:

aaa.a
aaa.aa
  a.aaa
 aa.aaa

   a.a.a
  a.a.aa
 a.aa.aa
aa.aa.aa

Further, and largely unrelated, Internet Explorer appears to refuse to accept domains that contain characters not allowed in the specification for domains. If (in a development environment, presumably), you have a domain that is invalid, IE does not like it.

The following domains are REJECTED:

a_a.aa
a%a.aa
a*a.aa
a=a.aa

with the error message: The site name you entered is not a valid IDN URL.

The testing seems to be limited to character validity and not arrangment validity, because the following domains are ACCEPTED:

aa-.aa
aa.aaa.
---.aa
-.---
---.-

Hope this helps people looking for details for why cookies aren't being set properly in IE7 / IE8 in one environment vs. another.

Thx a lot for this answer. I had the problem for more than one week with IE9. In my case it was the underscore in my sub-sub-domain name. — ownking, Jan 03 '12 at 20:21

Internet Explorer ignoring my cookies

2 Answers2