Saturday, September 7, 2013

IE11 and ASP.NET Session cookies


I have just upgraded to IE11 and although it’s really awesome I had some weird issues with some MVC applications I am using. The problem occurred with the authentication cookie and the session id being stored in the URL. Although I explicitly enabled cookies for my custom applications’ URLs, the session id and the asp.net authentication token would still persist in the URL. This broke the POST requests as the server could not authenticate the request (the token was not posted in neither the URL nor a cookie) and would return a 401 response.

According to a discussion in msdn there seems to be an issue with the new user agent string (most sites don’t recognize the new IE) and thus the MVC doesn’t enable cookies. In order to explicitly force the use of cookies in the authentication token add the cookieless attribute in your forms authentication element as follows:

<authentication mode="Forms">
  <forms loginUrl="~/YourLoginUrl" timeout="2880" cookieless="UseCookies" />
</authentication>

9 comments:

minirobbo said...

Bloody good find - many thanks

Dev said...

you are the life saver...

Daniel said...

Bloody good find - indeed

Daniel said...
This comment has been removed by the author.
RidgeRunner said...

Thanks for this hint; I added the cookiesless="UseCookies" to the web.config and clicking the link resulted in the following error:

JavaScript runtime error: '__doPostBack' is undefined

Any ideas next? I am an amateur developer.

Andrejs said...

1000 thanks for saving my day! This worked like a charm.

Anonymous said...

Thanks for this. Kudos.

SAJEEV CHATHANNOOR said...

i have tried the above in my asp.net mvc application.But it works fine for my first login.During my second time login the auth cookies are not sent in the request header

Anonymous said...

can we display message like cookies are not enabled in you browser ?