IE Forgets Cookies on Sub-Domains with an Underscore

Internet Explorer Fail LogoOk, so one more reason to hate IE: Internet Explorer fails to hold cookies when viewing URLs that have a sub-domain with an underscore. I found this when the project I'm developing just refused to hold on to a session when viewing the site from Internet Explorer. Almost all of the server-side technology I was using was new to me, so I lost a full day trying to figure out if it was ColdFusion 9, IIS7, or the ColdFusion on Wheels framework that was breaking the sessions before I found out that the IE browsers choke on underscores. FireFox and Chrome didn't care about the underscore, but IE6 through IE8 lost their session because they couldn't hold onto the cookies for the site.

So, if you're loosing your sessions in Internet Explorer, check your URL. I'm not sure if there are other characters besides an underscore that would cause the cookie loss, but it wouldn't surprise me.

 

Comments

Add Comment
Rick O's Gravatar Maybe there's a misplaced modifier going on, so I'm not understanding your true point, but ... yeah. Underscores aren't legitimate characters in hostnames -- only letters, numbers, and the hyphen are legit. Anything else is supposed to go through IDNA encoding. Is it really a surprise that IE chokes on invalid input?
Jon Hartmann's Gravatar @Rick O: Its not surprising that it fails to understand an invalid input, but it is a problem if the other common browsers don't have an issue with it. Its also a problem when the only identification of the address being invalid is when a small part of the application seems to act strangely. While I understand that the sub-domain "dev_test" is not a legal value, IE lets me browse to that domain, displays the contents, but it just doesn't save cookies from there. If the sub-domain was truly "invalid", shouldn't there be a more obvious sign that something was wrong? Also, whats the harm in letting the invalid sub-domain work? Chrome and FireFox don't seem to have an issue with it at all.

This post is also partly just to provide an answer for any one trying to figure out why there sessions might be disappearing in IE: I did a lot of Googling for various terms trying to figure out what was going on, and it wasn't until *after* I figured out what was going on that I was able to find a post or article stating that an underscore in the sub-domain was the cause of the problem.
Eric's Gravatar Thanks! I just had this issue.
  • Link
  • Posted By Eric
  • 9/30/09 2:20 PM
Luiz Vital's Gravatar Hey man!
Thanks for the post! It seemed unbelievable that this was happening with a site I developed... have never seem that mentioned before.
Surely if Microsoft implements any standard, it will do just half part of it, and poorly. Ridiculous!
Add Comment
Post a job. Find one. authenticjobs.com