none
IE7 cookie problem

    Question

  • Can anyone help with the following.

    When I log on to a web page,  a session is created and saved using in-proc cookies which are saved in the IE7 client browser. When a new window is opened in the same session and then closed, the cookies are deleted and the session is lost, even though the first window is still opened. The session was not closed. This happens only on certain  PCs, not always and only with IE7
    . This problem is only with IE7, all other browsers are ok. Is this a problem we have to put up with or will it be fixed by the IE developers?

    greetings
    Sunday, February 11, 2007 1:15 PM

Answers

  • Thanks for the feedback.

     

    This is a known problem in IE when you have a local homepage or open IE from a file on disk, rather than starting IE by navigating to a remote site.  The KB article will be published when the patch is available (we're working on this issue now).

     

    Thanks,

     

    Eric

    Monday, May 07, 2007 8:08 PM

All replies

  • Please take a capture with Fiddler (www.fiddlertool.com/fiddler/help/log.asp) and send it to me (ericlaw @ microsoft).  Thanks!

    Eric Lawrence

    PM - IE Networking

    Friday, February 16, 2007 7:26 AM
  • I'm not sure if I sent the mail to the right address, I sent it to ericlaw@microsoft.com, I assume your address is at .com

    regards

    Friday, February 16, 2007 1:56 PM
  • I am having the same problem -so if there is a fix, please let me know too.
    Thursday, March 15, 2007 9:55 PM
  • This is an IE7 bug. The session cookies are getting deleted when you close a window. At the moment no fix exists accept not to use cookies for your session variables. The problem only exists on certain computers. The problem will not occur as often if you change your settings in Tools/Internet Options/General/Browser History Settings/Everytime I visit the web page.

    A suggestion from a microsoft help suggests that the start home page in the IE7 should be set to a internet page and not a local file. When you open your IE7, does your set default home page open, if not download the script to fix this supplied here http://www.enhanceie.com/ie/troubleshoot.asp
    Wednesday, March 21, 2007 2:07 PM
  • This sounds like a big problem.  Why hasn't Microsoft come up with a patch yet?  I can understand if this was an issue with an off brand computer, but my computer is a 4 month old Dell Demension. 

     

    Would I be better off reloading with an older version of IE?  Right now I have to use FireFox for half of the websites I go to for my company work -it's a true pain to have two web browsers to switch between.  Especially when I've gone through 3 webpages to upload information to the company website (which takes 2 minutes) and at the end it says my session has expired which is set for 20 minutes.  Then I have to load FoxFire and redo my work.  You're going to lose me as an IE user if there isn't a patch soon!

    Friday, March 30, 2007 8:35 PM
  • Have the same problem my self with a couple of sites.

    When closing popup-window it deletes the session-cookie from the original window. Must login again.

     

    Is this designed or a bug that will be fixed?

     

    Works like a charm with ie6 and firefox.

    Have stopped IE7 until problem solved.

    Tuesday, April 03, 2007 12:06 PM
  • I have the same problem. My company has an ASP.NET web app that uses popup windows for some of its features. Sometimes (but not always) when an IE7 user opens one of those popups, their session is lost in both the popup and the main window. It works fine in Firefox, Safari, and IE6. I can't find any info about this problem, other than this thread.

     

    What is the cause of the problem? Are there any workarounds? When is a patch going to be available?

     

    Thanks,

    Josh Yeager

    Tuesday, April 10, 2007 8:46 PM
  • Is anyone routinely encountering this issue with a non-local homepage specified in your Internet Options?
    Wednesday, April 18, 2007 6:01 AM
  • I had a local homepage, and about once a week it would start doing this. It would keep doing it for a while, and then stop.

     

    About a week ago, I changes my homepage to be an Internet site, and the problem hasn't happened since. But, it hasn't been long enough for me to definitively say that the problem is gone.

    Wednesday, April 18, 2007 12:40 PM
  • I'm experiencing the same problem. My company delivers an Asp.Net based portal application that makes some use of encrypted session cookies. This application is used by hospital patients e.g. to schedule appointments and obtain personalised patient-information. As you will understand we can not influence browser-settings of our end-users (as we don't know them) . Tests with IE7 showed us the the deleted session cookie problem as described.  

     

    Can you tell me how you know this is an IE7 bug? Is there a bug-report available somewhere? Does anyone know why Asp.Net FormsAuthentication does not suffer from the same problem ?

     

    Thanx

     

    Thursday, April 19, 2007 9:24 PM
  • I also see this problem and have clients that do as well.  We all have local homepages and use IE7 on XP SP2.  I don't experience this problem on my home PC, which has Vista Utlimate Edition.  No combination of settings, homepages, and scenarios made this problem appear on Vista.

     

    Using a local homepage, this problem shows up when I navigate to a site by clicking on the link from the local homepage.  However, the problem doesn't show up if I manually type in the URL and use the site from there (regardless of local vs. non-local homepage).

     

    When I specify a non-local homepage and change no other setting, the problem goes away completely.  It's a night and day difference in behavior, so it does seem as if having a local homepage is the difference.

     

    Is there any acknowledgement from Microsoft on this behavior/problem, and/or possibly a fix for it?  A KB article would help explain the issue, provide workarounds, and help set expectations for those impacted by this.

     

    Outstanding work on Fiddler.

    Sunday, April 29, 2007 4:37 AM
  • Thanks for the feedback.

     

    This is a known problem in IE when you have a local homepage or open IE from a file on disk, rather than starting IE by navigating to a remote site.  The KB article will be published when the patch is available (we're working on this issue now).

     

    Thanks,

     

    Eric

    Monday, May 07, 2007 8:08 PM
  • What's the staus of this issue? When are you going to release the fix?
    Wednesday, July 04, 2007 10:30 AM
  • I had this problem - adding the domain in question to the IE7 'trusted sites' fixed it...
    Tuesday, August 07, 2007 10:47 AM
  • I'm getting this error when my home page is set to gmail and an external site has a frame pointing to another site. that other site happens to be my site and my cookies are deleted. I also noticed that the set-cookie header expiration value was a over 12 hours old. causing the cookie to expire. on firefox the header showed 2 hours in the future as it was set in the asp.net code.
    Tuesday, August 07, 2007 11:13 PM
  • p.s. didn't really fix it - only for a while - the problem seems to occur randomly
    Monday, August 13, 2007 2:45 PM
  • Eric, it has been a long time since you posted this...

     

    What is the KB Article?

     

    I think, but am not 100% sure, this problem started for me once I installed CA's Internet Security Suite? However, FireFox works fine.

     

    Any resolution on this?

     

    Saturday, August 25, 2007 2:11 PM
  • Almost a month has passed Eric.  What's up with that fix?

    I had a web application running in IE6: then I upgraded to IE7.  Now my clients have to log in for every transaction just because the receipt was in a popup window. My clients don't like having to log in everytime they complete a transaction.

    I guess I'll just install Firefox on all my clients computers.  I didn't need this pain.

    Marvin

    /PANIC now, avoid the rush.
    Wednesday, September 19, 2007 3:17 AM
  • I Had this problema now with my cookies that expires in 15 min and the problem only occours in some computers, and i solved adjusting the timezone of this computers, my case is that here in Brazil the timezone change and is needed to be fixed with tzedit.exe http://support.microsoft.com/kb/914387

    Hope this help someone.
    Monday, October 22, 2007 7:49 PM
  • It seems IE7 has some issues keeping some sessions cookies correctly. Some people have described this as a time zone issue some others as a local homepage issue. my problem is that some of my users are logged in to the intranet site using IE7. But after sometime they start getting js errors that occur when trying to execute actions that normally rely on some session information kept in cookies. This is only happening with some machines, the only constant are the information that is needed to complete the action and the browser IE7. is there any info out there on how to defeat this?
    Thursday, December 06, 2007 6:22 PM
  • Hi Eric,

     

    I know it's been 9 months since you asked this question, but I routinely face this problem (100% of the time) irrespective of whether my home page is local, internet, or just 'about:blank'. I've played around with security settings as well, but to no avail. It's a weird problem, because I don't face this issue on another system. Both systems are running IE7 on Windows XP Pro SP2.

     

    -Aditya

     

    Friday, January 11, 2008 3:21 AM
  • I am having the problem where IE7 does not save cookies.  I have tried all the settings and now have the internet sites set to allow all cookies and still they don't get saved.  I have verified this by logging into hotmail and checked save password then gone into the cookies folder.  Does anyone have a fix for this?

    Thanks

    Thursday, January 31, 2008 2:42 PM
  • Just Curious is there is any update on this problem. 

     

    I have this problem constantly. One work around I have found it open another window/tab to any other site and never close it.  That keeps the cookies in place.  It seems a rather major blunder to have not caught this problem.

     

    Maybe they will fix the problem in IE8 and just ignore IE7.

     

    Thanks

    Friday, September 05, 2008 6:43 PM
  • I've just tested one of the sure-fire ways I could break IE7, and it doesn't break in IE8b2.

    I'm cautiously optimistic...

     

    Dan.

    Tuesday, September 09, 2008 10:14 AM
  •  

    Anyone have an update on this issue? I tried using IE8beta 2 and I was having too many issues, website browser kept coming up with errors and closing.
    Friday, September 19, 2008 1:41 PM
  •  

    Eric,

           Iam using Vista32 and IE7, really struggle with loading and also it is very slow...

     

    Give me some guideline and fix this

     

    Hope your are fixed that above mentioned issue.

     

    Thanks,

    -Mani

    Wednesday, October 01, 2008 10:18 AM
  • Hi everybody,
    I got the same problem, spent debugging whole day and solved it.
    The problem was that my friend couldn't log in to the web site where form authentication was implemented and ticket was encrypted and stored on client side. 
    During debug i noticed that attached cookie was already expired. (My computer showed 18:25 and cookie showed 11:55)
    I thought that reason was in client and server time zone. Changed code from

      if (chkRememberMe.Checked)
                {
                    ticket = new FormsAuthenticationTicket(1, 
                        u.ID.ToString(), DateTime.Now, DateTime.Now.AddDays(7), true,
                        UserGr.UserGroupName);
                    Session.Timeout = 7 * 24 * 60;
                }
                else
                {
                    ticket = new FormsAuthenticationTicket(1,
                        u.ID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30), true,
                        UserGr.UserGroupName);
          Session.Timeout = 30;
      }
              

    to

    if (chkRememberMe.Checked)
                {
                    ticket = new FormsAuthenticationTicket(1, 
                        u.ID.ToString(), DateTime.Now, DateTime.Now.AddDays(7).ToUniversalTime(), true,
                        UserGr.UserGroupName);
                    Session.Timeout = 7 * 24 * 60;
                }
                else
                {
                    ticket = new FormsAuthenticationTicket(1,
                        u.ID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30).ToUniversalTime(), true,
                        UserGr.UserGroupName);
          Session.Timeout = 30;
      }
      

    But it didn't work. Because i got check for persistance of ticket below which was as

    if (ticket.IsPersistent) cookie.Expires = ticket.Expiration;
    Response.Cookies.Add(cookie);


    So at last i corrected the code above as


    if (chkRememberMe.Checked)
                {
                    ticket = new FormsAuthenticationTicket(1, 
                        u.ID.ToString(), DateTime.Now, DateTime.Now.AddDays(7).ToUniversalTime(), true,
                        UserGr.UserGroupName);
                    Session.Timeout = 7 * 24 * 60;
                }
                else
                {
                    ticket = new FormsAuthenticationTicket(1,
                        u.ID.ToString(), DateTime.Now, DateTime.Now.AddMinutes(30).ToUniversalTime(), false,
                        UserGr.UserGroupName);

          Session.Timeout = 30;
      }


    My advise is to note set cookie's expiration less than 24 hours (who knows where from your clients can be)
    Monday, November 24, 2008 4:33 PM
  • Hello,

    We are facing the same problem with our intranet,

    is there any patch or any solution for this problem

    Thanks in advance
    • Proposed as answer by Sumit Mehra Monday, August 03, 2009 8:52 AM
    Thursday, February 05, 2009 12:56 PM
  • Hello Everybody,

    I've found a Solution to the problem.
    There's a setting in Internet Explorer 7.

    Goto
    Internet Options >> Privacy >> Advanced
    Click --> Override Automatic Cookie Handling
                  ( Make Sure it is Checked )

    For First Party & Third Party Cookies Select Accept as an option.

    Click --> Always Allow Session Cookies.
                  ( Make Sure it is Checked )

    Click on OK. 
    Now your Session Cookies won't get Automatically Deleted.
    Monday, August 03, 2009 9:00 AM
  • Was there ever a hotfix or permanent solution offered for this issue?  Our clients have been experiencing this issue and I'd like to be able to offer a solid explanation and fix besides 'upgrade your browser'.  These clients work in healthcare and do not have the freedom to upgrade on the fly as it were

    Thanks in Advance
    Thursday, October 08, 2009 2:12 PM
  • Thanks Sumit, your solution worked for me. I spent 8 hrs thinking my app had a bug in it until I decided to try Firefox and my app worked fine. So I googled around and found this thread.

    The problem happens for me on IE7 and IE8. On some computers running IE7 & IE8 all works fine. Using Sumit's solution my app runs fine on all my computers.

    My app is a FaceBook app written in JSP running on Tomcat. The problem showed up for me when I launch the app from FB. The app entry page sets an attribute (session.setAttribute("foo", val)), but on the subsequent pages the session was different, so the attributes weren't available.

    What a pain. Now I have to instruct my users to follow Sumit's steps or use Firefox - neither solution is ideal.

    I'm surprised this wasn't fixed in IE8.

    --Bob

    Friday, December 11, 2009 9:14 AM
  • Dear Friends,

    I think I'm very late to add my comments/problem in this thread. But I'm desperately searching for the help with the same issue but with SAFARI browser.

    Below is my issue, please review and let me know If anyone of you can help me.

     

    I'm working for a website which uses cookies to store the logged in user's information.
    i.e. When user log-in, if he has a valid login/password we create cookies for the UserID,CustID and etc..to be used throughout the website and delete those cookies when user clicks LOGOUT button.

    But users has started complating that they are getting error("Incorrect syntax near..."). I have reviewed the error and found that
    it is because of cookies getting expired due to which the sql quries in website does not get values for custid or userid.
    They all are using SAFARI browser with MAC machine. They have recently updated Safari browser to 4.0.5 version.
    I have thoroughly tested website on my machine with SAFARI 4.0.5, but could not reproduce the error.
    So, I'm confused if it is happening with SAFARI with MAC, SAFARI or just MAC.

     

    GREAT THANKS IN ADVANCE.

    RR

    Monday, April 19, 2010 2:25 PM