Recently installed Windows 7 which is really nice. IE8 is the default OS browser and typical the one I use as my “default development browser”, which means it is not my default browser (Firefox is), but it’s the browser that Visual Studio opens when I do a “View page in browser”.
I have multiple sites which use ASP.NET Membership (and hence use session cookies to keep me logged in). I typical change my ‘hosts’ file to something like this below, and of course set the ‘binding’ (host header) in IIS7 to match:
(names have been changed to protect the clients :-)
However when I fired up VS2008 and tried to log into one of my sites which uses membership, I simply could not log in. After having done some HTTP Cookie debugging I realized that IE8 did not store my cookie. A fact that was proven correct as the same site worked fine i both Firefox and Chrome.
Surfing the net I found a that this is a “security feature” of IE8 – the thing is that if you have e.g.
Cookie domain: mha
should work, but if you do
Cookie domain: 127.0.0.1
..then it won't work, because IE sees that as security risk as 127.0.0.1 does
not match the requested hostname.
Microsoft recommend that you should always name internal servers with
hostnames that are FQDNs, such as mha.local - This also helps to mitigate
problems such as DNS failures and use of suffix handling - eg. if the DNS
automatic suffix for a machine on your network is .com, and you name a
server mha, a request to http://mha could end up requesting http://mha.com
because of the automatic suffix handling.
So to get this to work you need to stop using single words for internal site
URLs and start using e.g. localhost.mha
So .. in order to make IE8 accept cookies from internal sites running on localhost / IIS7, and is mapped in your ‘hosts’ file we need to do a couple of thing:
1) Make sure you’re using a full qualified hostname, e.g. localhost.aspnethotelV25
2) In IIS7 make sure you’ve set up your hostname correctly in binding:
3) In your ‘hosts’ file, make a matching entry:
# --- IIS7 / localhost ---
4) In IE8 make sure to add your site to always allow cookies:
- Go to Tools –> Internet Options
- Click ‘Privacy’
- Click ‘Sites’
- In Address of website, enter your host header name
- Click ‘Allow’
That’s it!! – Finally your site, running on your own localhost / IIS7 which is using a different name that localhost or 127.0.0.1 is now able to accept cookie (because we all know that cookies server up from localhost is a big security risk!?! :-)
Enjoy the wonders of Internet Explorer v8 (or simply use Firefox, Chrome or any other browser which just work out-of-the-box)