[thelist] IE discards cookies if no-cache?
Dougal Campbell
dougal at gunters.org
Thu Jan 27 15:25:09 CST 2005
Simon Perry wrote:
> Dougal Campbell wrote:
>> Is there something about IE that keeps it from saving persistent
>> cookies set from an https page?
>>
> I think no-cache is not the cause of your woes. More likely to be the
> privacy settings on your browser and or a lack of a short machine
> readable privacy policy. I have found view -> privacy report to be very
> enlightening in IE. It can be accessed from the top text menu. Third
> party security apps and spyware blockers can also cause problems. Have
> you access to other machines to test the behavior on?
Hmm, well as I said before, I had already ruled out the no-cache
headers. But the P3P stuff is a possibility.
We've worked around the problem by setting the cookie in a non-SSL page.
But I still can't locate any documentation to verify that IE treats
cookies from secure pages differently than ones from a non-secure page.
And the behavior observed seems bass-ackwards, to me (wouldn't you
"trust" a cookie from an SSL page more than one from an insecure one?).
I haven't had time yet to try creating a compact P3P policy and testing
whether it affects the browser's behavior. But as a data-point, when I
viewed the original SSL page, View/Privacy Report said that cookies were
allowed. And in fact, the browser *would* get the cookie, it's just that
it didn't save it beyond the current browser session.
--
Dougal Campbell <dougal at gunters.org>
http://dougal.gunters.org/
More information about the thelist
mailing list