Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Internet Explorer does not accept cookies from certain domain names


View products that this article applies to.

Symptoms

A user opens a webpage from http://servername.xxx.yy. The web site at that address sets a cookie and specifies "xxx.yy" as the domain for that cookie.  However, Internet Explorer does not save the cookie information.

 

↑ Back to the top


Cause

For security reasons, Internet Explorer does not save cookie data for domains like xxx.yy, where .yy is a two-letter country code domain and the three letters xxx are one of the generic top level domain names: com, edu, gov, int, mil, net, or org.  Domains of this form are treated as top level domains, effectively a country-specific version of the generic top level domain.  For security reasons, wininet prevents setting cookies for such domains.  In this case, xxx.yy is effectively a top level domain, and is protected in the same way as ".com" would be.

 

↑ Back to the top


Resolution

This behavior is by design.

 

↑ Back to the top


More information

Following is a sample scenario:

  1. A user opens Internet Explorer 6.0, 7.0, or 8.0 and browses to http://contoso.gov.hu
  2. Client-side script in the web application at http://contoso.gov.hu calls document.cookie = "name=value;domain=gov.hu" to set a cookie.
  3. The cookie is not saved on the user's machine.  In this case, gov.hu is recognized as an effective Top Level domain.

 

For more information about Generic Top-Level Domains, please see:

Top Level Domains
http://www.icann.org/en/tlds/

 

For more information on Internet Explorer and two-letter domains, please see: 

Internet Explorer does not set a cookie for two-letter domains
http://support.microsoft.com/default.aspx?scid=kb;EN-US;310676

 

For more information on the HTTP State Management Mechanism, please see:

HTTP State Management Mechanism
http://www.ietf.org/rfc/rfc2109.txt

 

 

↑ Back to the top


Keywords: KB2004188

↑ Back to the top

Article Info
Article ID : 2004188
Revision : 10
Created on : 1/16/2013
Published on : 1/16/2013
Exists online : False
Views : 400