Steps to reproduce
The problem was first noted on an internal enterprise server running Server 2012 Terminal Services with RDWeb. The problem can be reproduced on any website which requires cookies for operation where the URL provided to IE has an underscore in the host portion of the name. OWA is another notable example.
The URL which originally provided the problem was https://rlw-wsv-ts_test/RDweb.
Logging in would cause the client to be taken back to the login screen. Capturing data with fiddler indicated the server (IIS8) requested to set a cookie, and that subsequently, the client (IE10) did not reply with the cookie.
One of three things would be reasonable to expect:
- At the very least, one would think IE could provide a warning that it won’t be accepting cookies for this domain due to an underscore in the host portion of the URL.
- Provide the user a warning and an option to choose to allow cookie transactions with the current site for the domain in question.
- Realize 80%+ of users would click yes anyway and go the Chrome/Firefox way and make it function as the user already intuitively expects (cookies are accepted for the appropriate domain)
Perhaps less reasonable would be to accept cookies in an “inPrivate” mode, where new cookies can be set for the session, but not saved. This would be less functional long term but would suffice in many cases.
Comments and activity
- Microsoft Edge Team
Changed Assigned To to “Forbes H.”
Changed Status to “By design”
Dupe of https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/106235/ incidentally