I have 2 webservers, one with an SSO application and one with the core application. Both are built on .NET 3.5.
Both sites have valid P3P.
The client machine is using IE 10 on Win 7. Also reproduced with Terminal server and IE 9, Windows 7 with IE 8 and 9.
I open Internet Explorer with a fresh session. In the first tab I go to e.g. google.com.
In the second tab I navigate to the SSO.
I log in and see (in various tools like Fiddler2 and Burp Suite) that the cookie is issued.
However, during the redirect to the core application, the cookie is dropped.
During troubleshooting I can see that if I go back to the "google tab" (first tab) and type in the URL for the core application, I am automatically logged in and the cookie is valid.
It seems that the cookie is not returned to the originating tab.
The problem could be related to this patch; however, the problem still occurs after the patch has been deployed: http://support.microsoft.com/kb/2854669
This problem does not happen in IE if I only have one tab open. So if I navigate directly to this site in the first tab, I am logged in and can work as normal just fine.
To make it a bit more interesting, this problem does not happen in Firefox, Opera, Safari or Chrome.
And to make it even more interesting – in IE private browsing mode, the problem does not happen.
I can fix this manually by implementing the "workaround" mentioned in this blog: http://blogs.msdn.com/b/askie/archive/2009/03/09/opening-a-new-tab-may-launch-a-new-process-with-internet-explorer-8-0.aspx.
Note that this workaround is not "enterprise-friendly" as I cannot instruct my customers to change the registry in order to use the core application.
It seems that IE has some trouble managing client cookies.
Anyone with an idea?