Internet Explorer ignores cookies on some domains (cannot read or set cookies)

Internet Explorer ignores cookies on some domains (cannot read or set cookies)

青萝楚歌 发布于 2021-11-26 字数 858 浏览 771 回复 3 原文

I have a site, e.g. example.com, where users can set their own subdomains (one user - one subdomain) and upload their own scripts, e.g. http://somedomain.example.com/xyzzy.php would map to /www/somedomain/xyzzy.php

Now, on some of those domains, Internet Explorer 7 won't/can't accept cookies. Checked with Fiddler: the server sends Set-Cookie response correctly, yet the cookie never shows up in IE - for JS or Developer Tools. On request, IE7 doesn't send the Cookie header either.

The cookies are set for the user's domain (e.g. somedomain.example.com), path is /, tried different expiration options (past, future, current, "0"), are not HttpOnly, are not secure.

FF, Opera, Safari and Chrome all work without problems.

Why does IE ignore the cookies?

如果你对这篇文章有疑问,欢迎到本站 社区 发帖提问或使用手Q扫描下方二维码加群参与讨论,获取更多帮助。

扫码加入群聊

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

听你说爱我 2022-06-07 3 楼

The problem doesn't only apply for underscores in domain names, but also for domain names starting with a numeric digit. So 1aaaaaaa.tld is actually a non-standard domain name, which will cause IE to reject the cookie.

I solved it by using only www2.1aaaaaaa.tld, and then adding rewrite rules for the 1aaaaaaa.tld and www.1aaaaaaa.tld hosts in .htaccess. Don't know if that really qualifies as a standards-compliant solution.... but anyway, it seems to have solved the cookie problem.

Hope that helps someone!

为人所爱 2022-06-07 2 楼

According to RFC1035 (Domain names - implementation and specification):

[domain names] must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphen.

Turns out some of the domains had an underscore ( "_" ) in them: some_domain.example.com. Although this is a violation of the RFC, all other browsers work normally.

MSIE 7, on a domain with an underscore, silently drops all cookies for that host and refuses to accept new ones.

The only solution is to use RFC-compliant domains (I've replaced all the "_"s with "-"s and set up a RewriteRule so that traffic is redirected to the compliant domains).

弃爱 2022-06-07 1 楼

Does one of the subdomains use an underscore?
IE has problems accepting cookies from subdomains that don't follow the URI RFC.