Cookies expire immediately

  • Thread starter Thread starter Martin
  • Start date Start date
M

Martin

Hi,

(UK)
I have a customer with a strange problem.

Some time ago this customer decided to run all their
systems (servers & clients) at GMT (Greenwich Mean Time),
and not BST (British Summer Time - also called DST,
Daylight Savings Time, I beleive). As we in the UK are
now in BST, this caused all sorts of problems with
Exchange appointments etc - as you can imagine.

Anyway - that is all resolved, and they are happy running
GMT.

Now, they need to access a secure web site in the US,
which runs through a convoluted logon process. At the
final logon screen, after entering credentials, they are
dumped back to the previous logon screen, (no error
messages etc)

From the machine at my office, (running GMT + DST offset)
I can access the site with no problems.

All machines are XPSP1, IE 6, with all latest windows
updates + patches to the OS and IE.

After some investigation, I found that the customer could
access the secure site using Netscape without any
problems at all. But IE 6 failed everytime.

Spent time tweaking privacy settings etc to no avail,
before thinking about the time issue.

It turns out, that because the customer is running GMT,
they have artifically rolled forward all their clocks (by
1 hour) so it appears that they are running at the same
time as everyone else. On 1 machine, I rolled back the
clock by an hour, and hey presto, was able to acccess the
site. I found that the site drops a cookie which
expires after 30 minutes.

So it appears that without rolling the time back, the
cookie is expiring before it is used - hence access to
the site is denied. But surely IE should time stamp the
cookie according to the system time (whatever it is), and
it should always expire after it has been written.
Netscape appears to handle it this way.

Please advise if you consider this an issue with IE, or
perhaps a web site coding issue.

Many thanks,

Martin.
 
Thanks Benny.

-----Original Message-----
Dear Martin,

Thank you for your posting.

Based on the description, Internet Explorer 6 implements advanced cookie
filtering based on the Platform for Privacy Preferences (P3P)
specification. Internet Explorer 6 implements the P3P version 1.0 compact
policy specification to gather metadata about a Web site's intended use of
cookie information. The P3P specification, developed by the World Wide Web
Consortium (W3C), enables you to express your privacy preferences while
assisting Web sites in clearly describing, in a computer- readable format,
how they will use your data. For information about P3P, please see the
following Web site:

http://www.w3.org/P3P

Internet Explorer 6 will notify you of Web sites that do not satisfy your
privacy settings. This article describes how to manage your privacy (or
cookie) settings in Internet Explorer 6. For information about the default
privacy settings in Internet Explorer 6, please see the following article
in the Microsoft Knowledge Base:

293222 The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/?id=293222

More Information:
===============
283185 How to Manage Cookies in Internet Explorer 6
http://support.microsoft.com/?id=283185

260971 Description of Cookies
http://support.microsoft.com/?id=260971

293222 The Default Privacy Settings for Internet Explorer 6
http://support.microsoft.com/?id=293222

Hope the above information is helpful.

Thanks and have a good day!

Regards,

Benny Fu
Microsoft Online Partner Support
Microsoft Corporation
Get Secure! - www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "Martin" <[email protected]>
| Sender: "Martin" <[email protected]>
| Subject: Cookies expire immediately
| Date: Tue, 29 Jul 2003 05:01:24 -0700
| Lines: 56
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcNVySJJtwhUpwGnSR+k2cF010BCPA==
| Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:140205
| NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
| X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|
| Hi,
|
| (UK)
| I have a customer with a strange problem.
|
| Some time ago this customer decided to run all their
| systems (servers & clients) at GMT (Greenwich Mean Time),
| and not BST (British Summer Time - also called DST,
| Daylight Savings Time, I beleive). As we in the UK are
| now in BST, this caused all sorts of problems with
| Exchange appointments etc - as you can imagine.
|
| Anyway - that is all resolved, and they are happy running
| GMT.
|
| Now, they need to access a secure web site in the US,
| which runs through a convoluted logon process. At the
| final logon screen, after entering credentials, they are
| dumped back to the previous logon screen, (no error
| messages etc)
|
| From the machine at my office, (running GMT + DST offset)
| I can access the site with no problems.
|
| All machines are XPSP1, IE 6, with all latest windows
| updates + patches to the OS and IE.
|
| After some investigation, I found that the customer could
| access the secure site using Netscape without any
| problems at all. But IE 6 failed everytime.
|
| Spent time tweaking privacy settings etc to no avail,
| before thinking about the time issue.
|
| It turns out, that because the customer is running GMT,
| they have artifically rolled forward all their clocks (by
| 1 hour) so it appears that they are running at the same
| time as everyone else. On 1 machine, I rolled back the
| clock by an hour, and hey presto, was able to acccess the
| site. I found that the site drops a cookie which
| expires after 30 minutes.
|
| So it appears that without rolling the time back, the
| cookie is expiring before it is used - hence access to
| the site is denied. But surely IE should time stamp the
| cookie according to the system time (whatever it is), and
| it should always expire after it has been written.
| Netscape appears to handle it this way.
|
| Please advise if you consider this an issue with IE, or
| perhaps a web site coding issue.
|
| Many thanks,
|
| Martin.
|
|

.
Click to expand...
 
Dear Martin,

You are welcome! Have a good day! :)

Regards,

Benny Fu
Microsoft Online Partner Support
Microsoft Corporation
Get Secure! – www.microsoft.com/security

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Content-Class: urn:content-classes:message
| From: "Martin" <[email protected]>
| Sender: "Martin" <[email protected]>
| References: <[email protected]>
<[email protected]>
| Subject: RE: Cookies expire immediately
| Date: Wed, 30 Jul 2003 00:57:09 -0700
| Lines: 167
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="iso-8859-1"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
| Thread-Index: AcNWcC2JtyPWSir2SbaHLIiGvh/+Ig==
| Newsgroups: microsoft.public.windows.inetexplorer.ie6.browser
| Path: cpmsftngxa06.phx.gbl
| Xref: cpmsftngxa06.phx.gbl
microsoft.public.windows.inetexplorer.ie6.browser:140632
| NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
| X-Tomcat-NG: microsoft.public.windows.inetexplorer.ie6.browser
|
| Thanks Benny.
|
|
| >-----Original Message-----
| >Dear Martin,
| >
| >Thank you for your posting.
| >
| >Based on the description, Internet Explorer 6 implements
| advanced cookie
| >filtering based on the Platform for Privacy Preferences
| (P3P)
| >specification. Internet Explorer 6 implements the P3P
| version 1.0 compact
| >policy specification to gather metadata about a Web
| site's intended use of
| >cookie information. The P3P specification, developed by
| the World Wide Web
| >Consortium (W3C), enables you to express your privacy
| preferences while
| >assisting Web sites in clearly describing, in a computer-
| readable format,
| >how they will use your data. For information about P3P,
| please see the
| >following Web site:
| >
| >http://www.w3.org/P3P
| >
| >Internet Explorer 6 will notify you of Web sites that do
| not satisfy your
| >privacy settings. This article describes how to manage
| your privacy (or
| >cookie) settings in Internet Explorer 6. For information
| about the default
| >privacy settings in Internet Explorer 6, please see the
| following article
| >in the Microsoft Knowledge Base:
| >
| >293222 The Default Privacy Settings for Internet
| Explorer 6
| >http://support.microsoft.com/?id=293222
| >
| >More Information:
| >===============
| >283185 How to Manage Cookies in Internet Explorer 6
| >http://support.microsoft.com/?id=283185
| >
| >260971 Description of Cookies
| >http://support.microsoft.com/?id=260971
| >
| >293222 The Default Privacy Settings for Internet
| Explorer 6
| >http://support.microsoft.com/?id=293222
| >
| >Hope the above information is helpful.
| >
| >Thanks and have a good day!
| >
| >Regards,
| >
| >Benny Fu
| >Microsoft Online Partner Support
| >Microsoft Corporation
| >Get Secure! - www.microsoft.com/security
| >
| >This posting is provided "AS IS" with no warranties, and
| confers no rights.
| >
| >--------------------
| >| Content-Class: urn:content-classes:message
| >| From: "Martin" <[email protected]>
| >| Sender: "Martin" <[email protected]>
| >| Subject: Cookies expire immediately
| >| Date: Tue, 29 Jul 2003 05:01:24 -0700
| >| Lines: 56
| >| Message-ID: <[email protected]>
| >| MIME-Version: 1.0
| >| Content-Type: text/plain;
| >| charset="iso-8859-1"
| >| Content-Transfer-Encoding: 7bit
| >| X-Newsreader: Microsoft CDO for Windows 2000
| >| X-MIMEOLE: Produced By Microsoft MimeOLE
| V5.50.4910.0300
| >| Thread-Index: AcNVySJJtwhUpwGnSR+k2cF010BCPA==
| >| Newsgroups:
| microsoft.public.windows.inetexplorer.ie6.browser
| >| Path: cpmsftngxa06.phx.gbl
| >| Xref: cpmsftngxa06.phx.gbl
| >microsoft.public.windows.inetexplorer.ie6.browser:140205
| >| NNTP-Posting-Host: TK2MSFTNGXA12 10.40.1.164
| >| X-Tomcat-NG:
| microsoft.public.windows.inetexplorer.ie6.browser
| >|
| >| Hi,
| >|
| >| (UK)
| >| I have a customer with a strange problem.
| >|
| >| Some time ago this customer decided to run all their
| >| systems (servers & clients) at GMT (Greenwich Mean
| Time),
| >| and not BST (British Summer Time - also called DST,
| >| Daylight Savings Time, I beleive). As we in the UK
| are
| >| now in BST, this caused all sorts of problems with
| >| Exchange appointments etc - as you can imagine.
| >|
| >| Anyway - that is all resolved, and they are happy
| running
| >| GMT.
| >|
| >| Now, they need to access a secure web site in the US,
| >| which runs through a convoluted logon process. At the
| >| final logon screen, after entering credentials, they
| are
| >| dumped back to the previous logon screen, (no error
| >| messages etc)
| >|
| >| From the machine at my office, (running GMT + DST
| offset)
| >| I can access the site with no problems.
| >|
| >| All machines are XPSP1, IE 6, with all latest windows
| >| updates + patches to the OS and IE.
| >|
| >| After some investigation, I found that the customer
| could
| >| access the secure site using Netscape without any
| >| problems at all. But IE 6 failed everytime.
| >|
| >| Spent time tweaking privacy settings etc to no avail,
| >| before thinking about the time issue.
| >|
| >| It turns out, that because the customer is running
| GMT,
| >| they have artifically rolled forward all their clocks
| (by
| >| 1 hour) so it appears that they are running at the
| same
| >| time as everyone else. On 1 machine, I rolled back
| the
| >| clock by an hour, and hey presto, was able to acccess
| the
| >| site. I found that the site drops a cookie which
| >| expires after 30 minutes.
| >|
| >| So it appears that without rolling the time back, the
| >| cookie is expiring before it is used - hence access to
| >| the site is denied. But surely IE should time stamp
| the
| >| cookie according to the system time (whatever it is),
| and
| >| it should always expire after it has been written.
| >| Netscape appears to handle it this way.
| >|
| >| Please advise if you consider this an issue with IE,
| or
| >| perhaps a web site coding issue.
| >|
| >| Many thanks,
| >|
| >| Martin.
| >|
| >|
| >
| >.
| >
|
 
Back
Top