[thelist] IE discards cookies if no-cache?

Dougal Campbell dougal at gunters.org
Thu Jan 27 15:25:09 CST 2005

Simon Perry wrote:
> Dougal Campbell wrote:
>> Is there something about IE that keeps it from saving persistent 
>> cookies set from an https page?
> I think no-cache is not the cause of your woes. More likely to be the 
> privacy settings on your browser and/or a lack of a short machine 
> readable privacy policy. I have found view -> privacy report to be very 
> enlightening in IE. It can be accessed from the top text menu. Third 
> party security apps and spyware blockers can also cause problems. Have 
> you access to other machines to test the behavior on?

Hmm, well as I said before, I had already ruled out the no-cache 
headers. But the P3P stuff is a possibility.

We've worked around the problem by setting the cookie in a non-SSL page. 
But I still can't locate any documentation to verify that IE treats 
cookies from secure pages differently than ones from a non-secure page. 
And the behavior observed seems bass-ackwards, to me (wouldn't you 
"trust" a cookie from an SSL page more than one from an insecure one?).

I haven't had time yet to try creating a compact P3P policy and testing 
whether it affects the browser's behavior. But as a data point, when I 
viewed the original SSL page, View/Privacy Report said that cookies were 
allowed. And in fact, the browser *would* get the cookie; it's just that 
it didn't save it beyond the current browser session.

Dougal Campbell <dougal at gunters.org>
