Cookie not renewing/overwriting in IE
- by deceze
I have a weird quirk with cookies in IE. When a user logs into the site, I'm generating a new session id and hence need to overwrite the cookie. The flow is basically:
1. Client goes to https://secure.example.com/users/login page, automatically receiving a session id
2. Client POSTs login credentials to same address
3. Client receives the following headers together with a 302 redirect to https://secure.example.com/users/mypage:

       CAKEPHP=deleted; expires=Sun, 05-Apr-2009 04:50:35 GMT; path=/
       CAKEPHP=98hnIO23...; expires=Mon, 12 Apr 2010 04:50:36 GMT; path=/; secure

4. Client is supposed to visit https://secure.example.com/users/mypage, presenting the new session id.
This works in all browsers, except IE (tested in 7 & 8). IE retains the old, unauthenticated session id, and is redirected back to the login page. It works on my local test environment (using a self-signed certificate at https://localhost:8443/...), but not on the live server.
I'm using CakePHP and simply issue a $this->Session->renew(), which produces the above cookie headers.
Any ideas how to get IE to accept the new cookie?
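An added example, not part of the original post: a small parser that lines up same-named Set-Cookie headers from one response so the deletion and the reissue in step 3 can be compared attribute by attribute. The header strings are constructed from the ones quoted above with a placeholder session id, the function names are hypothetical, and the output only lists differences; it does not establish which of them, if any, IE reacts to.

```javascript
// Constructed sample: the two headers from the post, session id replaced by a placeholder.
const sampleHeaders = [
  'CAKEPHP=deleted; expires=Sun, 05-Apr-2009 04:50:35 GMT; path=/',
  'CAKEPHP=PLACEHOLDER_SESSION_ID; expires=Mon, 12 Apr 2010 04:50:36 GMT; path=/; secure',
];

// Parse one Set-Cookie value into name, value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Classify the Expires date layout: "05-Apr-2009" (dashes) vs "12 Apr 2010" (spaces).
function expiresStyle(expires) {
  if (typeof expires !== 'string') return 'none';
  if (/\d{2}-[A-Za-z]{3}-\d{2,4}/.test(expires)) return 'dashes';
  if (/\d{1,2} [A-Za-z]{3} \d{4}/.test(expires)) return 'spaces';
  return 'other';
}

// For each cookie name set more than once, list attributes that differ between consecutive headers.
function diffRepeatedCookies(headers) {
  const byName = new Map();
  for (const c of headers.map(parseSetCookie)) {
    if (!byName.has(c.name)) byName.set(c.name, []);
    byName.get(c.name).push(c);
  }
  const findings = [];
  for (const [name, list] of byName) {
    for (let i = 1; i < list.length; i++) {
      const a = list[i - 1].attrs, b = list[i].attrs;
      for (const key of ['path', 'domain', 'secure', 'httponly']) {
        const x = a[key] ?? 'absent', y = b[key] ?? 'absent';
        if (x !== y) findings.push(`${name}: ${key} differs (${x} vs ${y})`);
      }
      const sa = expiresStyle(a.expires), sb = expiresStyle(b.expires);
      if (sa !== sb) findings.push(`${name}: expires format differs (${sa} vs ${sb})`);
    }
  }
  return findings;
}
console.log(diffRepeatedCookies(sampleHeaders));
```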