Log in fails – cookie is not sent to originating tab

Hi all!

I have 2 web servers, one with an SSO application and one with the core application. Both are built on .NET 3.5.
Both sites have valid P3P.

Client machine is using IE 10 on Win 7. Also reproduced with Terminal server and IE 9, Windows 7 with IE 8 and 9.

I open Internet Explorer with a fresh session. In the first tab I go to e.g. google.com.
In the second tab I navigate to the SSO.
I log in and see (in various tools like Fiddler2 and Burp Suite) that the cookie is issued.
However, during the redirect to the core application, the cookie is dropped.
During troubleshooting I can see that if I go back to the "google tab" (first tab) and type in the URL for the core application, I am automatically logged in and the cookie is valid.
It seems that the cookie is not returned to the originating tab.
The problem could be related to this patch; however, the problem still occurs after the patch has been deployed: http://support.microsoft.com/kb/2854669

This problem does not happen in IE if I only have one tab open. So if I navigate directly to this site in the first tab, I am logged in and can work as normal just fine.
To make it a bit more interesting, this problem does not happen in Firefox, Opera, Safari or Chrome.
And to make it even more interesting – in IE private browse mode, the problem does not happen.
 
I can fix this manually by implementing the "workaround" mentioned in this blog: http://blogs.msdn.com/b/askie/archive/2009/03/09/opening-a-new-tab-may-launch-a-new-process-with-internet-explorer-8-0.aspx.

Note that this workaround is not "enterprise-friendly" as I cannot instruct my customers to change the registry in order to use the core application.

It seems that IE has some trouble managing client cookies.

Anyone with an idea?
