Cookies Are Not Saved If the Host Name Is Invalid

After you install Internet Explorer 5.01 Service Pack 1 (SP1) or later including (Internet Explorer 6, 7, 8, 9), cookies are not saved when you connect to a site such as:�

You cannot connect to the site because of a security enhancement that is documented in the following Microsoft Knowledge Base article: This change strictly enforces the domain name restrictions as defined in the Request for Comments (RFC) documents to prevent malicious Web sites from accessing cookies from another site. Cookies are also rejected if the domain that is specified by the cookie header does not contain at least one embedded period or if the domain is not a suffix of the document's domain.

Cookies are accepted if the path that is specified in the set cookie header is a prefix of the document's path and the domain that is specified in the set cookie header.

Cookies are also rejected if the expire time has passed.

If your host name contains an invalid character such as "_" you need to gain access to the site by using the IP address instead of the name, or change the host name to a valid name.

When a cookie is set with a domain attribute, it must be a FQDN (fully qualified domain name). If the domain specified does not contain at least one embedded period the cookie will not be supplied by Internet Explorer on the next request. Therefore you cannot use a NetBios name as a domain attribute when setting a cookie.


If the host name is valid, correct any of the other conditions that are described in the "Cause" section.

This behavior is by design.