This problem drove us bonkers over the past few weeks after upgrading our internal equipment from Vista and XP to Windows 7. As a side note, Windows 7 is a fantastic operating system that we are extremely satisfied with. It’s a shame Microsoft did such an awful job with Vista because this new version is great.
So back to our problem… Websites using ASP.NET Forms Authentication were no longer maintaining persistent login cookies on websites that had been working for months and years. After the authentication tickets were written to the guest’s machine, they got (at most) a single page-view before being bounced back to the login page. The websites continued to function perfectly in Firefox, Safari, Chrome, IE7, you name it; just not IE8.
Additionally, if the authentication ticket was not written as persistent, the session cookie would function just fine in IE8. The problem was localized to only cookies set to persist across browser sessions.
The solution took us quite a while to find online believe it or not, and when we found it we wanted to kick ourselves for not finding it sooner. It all stems from the domain attribute of the forms authentication settings within the web.config file of your application. We typically left that attribute blank in our apps to make it easier to develop. Further, none of the other browsers above cared about that setting and functioned just fine. However, that changed in IE8 and now that attribute is required.
My guess is that most people have been using that attribute all along so there was no noticeable degradation in performance in the new browser. That would at least explain why there wasn’t a lot of noise on the Internet about this issue.
Anyway, I hope this post helps some other folks save some time.
Brad