Internet Explorer Doesn't Like Domains with Underscores, Won't Save Cookies
posted Feb 15, 2012 at 07:48:40 PM by Doug Gibson.
After many hours of working with securing my cookies on a Mura CMS site for work, clearing cookies, closing the browser, repeat - I could not get Internet Explorer to log in to the staging site. The login form just reloaded, starting a new session each time. This behavior is something I've experienced before when my laptop is low on resources, but it didn't clear up even after closing other apps and finally rebooting.
The temporary production site did not have this problem, however, so I synced up the latest secure cookies code and the production site and everything worked as expected in IE. IE is very developer unfriendly for viewing cookies and headers, and I was recommended a tool called Fiddler for debugging the cookies in IE. Upon viewing the cookies in Fiddler, the software itself threw up a warning that read:
!! WARNING !!: Server hostname contains an underscore and this response sets a cookie. Internet Explorer does not permit cookies to be set on hostnames containing underscores. See http://support.microsoft.com/kb/316112.
So I came away from this ordeal with two important lessons:
1. Don't use underscores in your domain names.
And...
2. Fiddler is a very useful tool for debugging headers and cookies for Internet Explorer.
Hopefully someone will read this post and be saved some time. I spent hours troubleshooting this problem, came up empty with a number of searches, and likely would have sunk more time if Fiddler did not alert me to the bug in IE.
