Does anyone know how we can make IE 11 not share host-only cookies with sub-domains? We've been having this issue since we moved our test system to a sub-domain. It works fine in Google Chrome.

Found this website (http://debugtheweb.com/test/cookieinherit.aspx) for testing host-only cookies.

Here's the complete scenario:
Domain abc.com sets ASPSession_Id as Set-Cookie ASP.NET_SessionId=1234567890123456789; path=/; secure; HttpOnly and another custom cookie AuthToken as Set-Cookie AuthToken=12345678901234567890; path=/; HttpOnly=True;Secure=True;

Now if I go to test.abc.com, it sends these two cookies as its own cookies. Technically it shouldn't, since the above cookies were set from the main domain without a domain, so by default they should be host-only, right?

If I have understood host-only cookies correctly from this post: https://stackoverflow.com/a/28320172/705947


2 Answers

Historically, IE never had a workaround for this, but it was fixed in Microsoft Edge in Windows 10 Redstone 3 (Fall 2017) and it was fixed for IE11 on Windows 10 in Redstone 4 (Spring 2018).

EricLaw

This appears to be fixed in IE as of Windows 10 Version 1803 / Spring Creators Update / Redstone 4.

I only noticed because of a new flag INTERNET_COOKIE_HOST_ONLY_APPLIED appearing in WinInet.h which prompted me to re-test this, and on pre-release Redstone 4 insider build 17120 IE does now appear to be working in the same way as other browsers.

sparrowt
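
An added example, not part of either answer and not any browser's code: a small JavaScript model of RFC 6265 cookie storage and domain matching, applied to the two Set-Cookie headers quoted in the question. The `legacyIE` switch is a hypothetical flag that models the older IE behaviour described above (host-only cookies treated like domain cookies); path, Secure and IP-address checks are left out.

```javascript
// Model of RFC 6265 section 5.3 (storage) and 5.1.3 (domain matching).
// Path, Secure and IP-address handling are deliberately omitted.

function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

function parseSetCookie(header, requestHost) {
  const [pair, ...attrs] = header.split(';').map(s => s.trim()).filter(Boolean);
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: requestHost.toLowerCase(),
    hostOnly: true, // no Domain attribute: host-only-flag stays true
  };
  for (const attr of attrs) {
    // "HttpOnly=True" style values are tolerated: only the attribute name matters.
    const [rawName, rawValue = ''] = attr.split('=');
    if (rawName.trim().toLowerCase() === 'domain' && rawValue.trim() !== '') {
      cookie.domain = rawValue.trim().replace(/^\./, '').toLowerCase();
      cookie.hostOnly = false;
      // A Domain that does not cover the setting host is rejected outright.
      if (!domainMatch(requestHost, cookie.domain)) return null;
    }
  }
  return cookie;
}

// legacyIE = true models the pre-fix behaviour reported in the question (assumption).
function cookiesSentTo(host, jar, legacyIE = false) {
  host = host.toLowerCase();
  return jar
    .filter(c => (c.hostOnly && !legacyIE) ? host === c.domain : domainMatch(host, c.domain))
    .map(c => c.name);
}

// The two headers from the question, as set by abc.com.
const jar = [
  'ASP.NET_SessionId=1234567890123456789; path=/; secure; HttpOnly',
  'AuthToken=12345678901234567890; path=/; HttpOnly=True;Secure=True;',
].map(h => parseSetCookie(h, 'abc.com'));

console.log('RFC 6265 ->', cookiesSentTo('test.abc.com', jar));
console.log('legacy IE ->', cookiesSentTo('test.abc.com', jar, true));
```

Under the RFC rules neither cookie reaches test.abc.com; only a cookie set with an explicit `Domain=abc.com` would.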