Cookie not renewing/overwriting in IE

Posted by deceze on Stack Overflow See other posts from Stack Overflow or by deceze
Published on 2010-04-05T05:14:43Z Indexed on 2010/04/05 5:23 UTC
Read the original article Hit count: 340

I have a weird quirk with cookies in IE. When a user logs into the site, I'm generating a new session id and hence need to overwrite the cookie. The flow is basically:

  1. Client goes to https://secure.example.com/users/login page, automatically receiving a session id
  2. Client POSTs login credentials to same address
  3. Client receives the following headers together with a 302 redirect to https://secure.example.com/users/mypage:

    CAKEPHP=deleted; expires=Sun, 05-Apr-2009 04:50:35 GMT; path=/
    CAKEPHP=98hnIO23...; expires=Mon, 12 Apr 2010 04:50:36 GMT; path=/; secure

  4. Client is supposed to visit https://secure.example.com/users/mypage, presenting the new session id.

This works in all browsers, except IE (tested in 7 & 8). IE retains the old, unauthenticated session id, and is redirected back to the login page. It works on my local test environment (using a self-signed certificate at https://localhost:8443/...), but not on the live server.

I'm using CakePHP and simply issue a $this->Session->renew(), which produces the above cookie headers.

Any ideas how to get IE to accept the new cookie?

© Stack Overflow or respective owner

Related posts about internet-explorer

Related posts about cookies