This is eerie - I was just typing the same problem on the Technology board but wanted to see if the Browser board would be more appropriate. Just tonight two users reported the exact same issue.

My site in ASP relies on Session Variables to maintain state after a user logs in with a username/password validated against a database.

The first step occurs without a problem. The welcome screen is shown, the session variables have the proper values so the cookie must be set correctly.

However, when they click Continue, or go to whatever the next screen is, the variables are all undefined and the user is either kicked out to re-authenticate or shown a 404.

At first I thought it could be adjusted in the IE privacy settings, but as Rex indicated above, all is correct in the IE settings. We've even set the privacy to allow all cookies with no better result.

It's not a domain/firewall issue either, since a person can be successful on a different computer in the same area.

I've had this crop up more and more lately, and the only way I was able to get the customer working again was to have them download FireFox.

I can only surmise that something in a Windows Update is causing this error. OR could it possibly be something in setting the cookie from my server? Are there any HTTP_SERVER variables I could examine to see what is going on? Could it be a hidden trojan/spyware on their machine which causes it to delete the cookie?

I'm stumped also. Especially since it works with Firefox on the same machine.

When it was one user it was just an annoyance. With the sixth in two months, something needs to be checked out, and I'm at the end of my knowledge.

I called Microsoft tech on this and they want to talk with an actual user having the issue. I'm asking a customer of mine to call them (I'll pay the charges) to see if there is an answer. Several more people reported this issue to me today as well.

I suspect it's something in a Windows Update that is causing the grief.

It's just possible that if it's windows 98 the IE doesn't have the correct encryption level on it, I vaguely remembere that is an issues sometimes, I'd have the users check their IE 'help -> about -> cypher strength'

It's supposed to be 128 bit, but some old IEs were released with lower strengths, for export reasons, and for other reasons, you had to manually install the 128 bit cypher.

That's pushing it, but worth checking out, it's easy to verify with the user, so might as well check that.

Nope, most are on Win XP.

You could catch the HTTP_COOKIE header sent with each client (browser) request and compare it to what you sent when you set it. The cookie will be sent with every client request to the 'domain' that you specified when creating it, as part of the client request header.

Also, standard procedure in these cases is to ask the visitor to flush his/her browser cache (Temporary Internet Files) since IE behaves strangely if the cache or the index.dat for it is corrupt.

If by luck you have a reasonably savvy visitor with the problem, have him/her delete any old cookies for your domain as well.

Jim

Thanks for those ideas. In my case I don't specifically set a cookie, rather it's done with the Session object.

I did read about the index.dat file becoming full or corrupted, but I couldn't find one on my machine in the TIE folder, so I didn't want to suggest that one yet.

TIE folder?

Temporary Internet Files - should be TIF, sorry.

I did finally do a search and found the index.dat in the several places:

C:/Documents and Settings/<username>/Cookies
C:/Documents and Settings/<username>/UserData

and several in the DefaultUser path as well.

Which to delete? I guess we'll ask Mr. Trial and Mr. Error.

I had the same problem. A user called in a few days ago (Nov. 1st) with a problem that they could not log in. Everything seemed correct: she could log in the friday before, her password was correct her cookies were setup correctly. After a lot of troubleshooting is dawned on me that daylight savings was on Oct. 31st. Her time was set correctly; however, her computer was set for Pacific Time. After switching her computer to Eastern Standard Time it worked. I did not create the login security, but I determined there must be something which looks up the computer time.

I really hope this helps you.