The problem was reported thus.
Internet Explorer is not storing session cookies for XYZ website. The session cookies are stored when we use Firefox.
Two hours later, I can tell you that:
- I learnt more about web cookies than I will ever need to know again.
- Firefox does things differently to Internet Explorer.
Gentle reader, Session Cookies are cookies which only exist for the time which your web browser is open for. They are deleted when you close your browser. They are often used to cache your user name and password.
If you don’t have your username/password cached, you repeatedly get prompted for it. Which is annoying. Hence the need for session cookies.
So I started investigating the cookies not being stored issue.. The first thing I noticed was that Internet Explorer wasn’t even bothering to write the cookie down to the local hard disk. So I broke out the network sniffer (Wireshark). It didn’t tell me much, as all the web traffic was encrypted.
The next step was to load up Fiddler, the Web Debugging Proxy. Fiddler allows you to inspect all the encrypted web traffic between your computer, and the rest of the world. The session cookie that the XYZ website was trying to push down, had the following details:
There are two issues with this session cookie:
- It sets an Expires date.
This normally means that it is a Persistent Cookie, and not a Session Cookie.
In other words, we should not see Expires in a session cookie. - The Expires date was set to a date/time in the past, which is not supported behaviour either.
So why does it work with Firefox then? – Firefox seems to be treating the expired Expires date as no date at all. So it defaults to a Session Cookie.
Internet Explorer? – A bit more complicated:
Some further reading:
The Unofficial Cookie FAQ
Wikipedia HTTP Cookies