I'm working on a website that runs on Django 1.2.  It uses
django.contrib.auth, django.contrib.sessions.middleware and
django.middleware.csrf without modification.  We recently discovered
that users of our site cannot log in using IE6 or IE7.  IE8 and all
other browsers that we know of seem to work fine.  We've used Fiddler
to look at the request and response headers.  It appears that in IE6
and IE7, the sessionid cookie is returned by Django in the HTTP
response but never gets saved by IE.   Interestingly, the csrftoken
cookie does get saved.

Using the csrf code as a model, I experimented with setting my own
cookies and discovered that cookies work fine in IE6 and 7 UNLESS the
'expires' parameter is used.  It doesn't seem to matter what value
appears there; I have tried dates ranging from 2 days out to 2 years.
The format of the 'expires' looks correct.  I've compared it to the
specification on MSDN
(http://msdn.microsoft.com/en-us/library/aa384321(VS.85).aspx).

I've seen numerous IE cookie problems reported here and elsewhere but
nothing as specific as what we see.  This problem is easily reproduced
in our environment on multiple servers and domains.  I can create
cookies with or without setting the domain and path variables but as
soon as I set 'expires' the cookie fails.  Aside from tweaking the
session middleware, I'm not sure how to fix this.

Have others seen this?  Any ideas?

-Bob Barcklay
