Problem with Cross Domain cookies only occurring in IE, works in Firefox & Chrome

  • Question

  • When Thinktecture Identity Server Signout page issues wa=wsignout1.0 command to Sharepoint2013 the sharepoint cookie is not sent and therefore not destroyed. This happens using IE 11 but works fine with Chrome and Firefox.

    The signout page contains an iframe for each RP, I tried changing the iframes for <Img> tags instead, but still fails.

    Any ideas?

    Wednesday, October 21, 2015 10:53 AM

Answers

  • Hi Simon,

    Just added a P3P policy to SharePoint and now it works, still need to complete a few further tests to confirm, but it seems to have fixed the problem.

    Originally I had no P3P policies on any of the three sites. Since then I created a policy for the STS (Identity Server 2.0) and the asp.net RP and this is what I have been testing against recently.

    Now that I've added a policy to the SharePoint site as well it seems to have fixed the issue. I need to just look at the Fiddler traces and complete all the testing scenarios, but looks promising.

    Thanks for your help Simon.

    • Marked as answer by Jamster99 Thursday, November 5, 2015 8:46 AM
    Wednesday, November 4, 2015 11:45 AM

All replies

  • Found some more information, if IE is put in in-privacy mode it works and sends the cookie which is then destroyed.

    Do you think this might be due to the P3P policy?

    Thursday, October 22, 2015 8:32 AM
  • Hi,

    InPrivate Browsing just helps to prevent your browsing history, temporary Internet files, form data, cookies, and user names and passwords from being retained by the browser. Since the issue is solved in InPrivate Browsing, maybe the issue is related to the old or cached data.

    Platform for Privacy Preference Project is a protocol that allows websites to declare their intended use of information they collect about web browser users. I would like to know the exact policy you applied to Platform for Privacy Preference Project.

    Also, you can use the Compatibility View to test the issue.

    http://windows.microsoft.com/en-us/internet-explorer/use-compatibility-view#ie=ie-11

    Wish you have a nice day.

    Best Regards

    Simon  


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Sunday, October 25, 2015 6:18 AM
    Moderator
  • Hi Simon,

    Thanks for the reply, at the time of testing no p3p policy was applied. Since then I created one, but still no change. Also done further testing by creating a new asp.net website to see if it is only Sharepoint which is the problem and it is. Using two asp.net websites authenticating using identity server 2.0 both sites on logout signout of identity server and each other. So only when testing using sharepoint and another asp.net website does the problem occur.

    It seems only by using Sharepoint logout do all the cookies get destroyed for all the RPs. But this does not occur in Firefox and Chrome, only IE, except when in privacy mode then it works in IE.

    The P3P policy I created seems to have no effect and even without it all the iframes were rendered and no evil eye shown on status bar so I don't think it's the P3P.

    When in privacy mode do the cookies behave differently or is Sharepoint doing something different when IE is in this mode?

    Tuesday, November 3, 2015 4:22 PM
  • Hi,

    Thank you for your reply.

    However, have you used Internet Explorer Compatibility View to open the website?

    Please kindly tell us if it works.

    Best Regards

    Simon


    Wednesday, November 4, 2015 2:01 AM
    Moderator
  • Hi,

    Tried again after adding the sites to Compatibility View Setting, but still no change. Only using In-Privacy mode will the wa=wsignout1.0 command issued to SharePoint from another RP sign out from SharePoint.

    Using Fiddler you can see a lot more entries, but the most interesting request is the "GET /_trust?wa=wsignoutcleanup 1.0 http/1.1" where the FedAuth cookie is not sent and not expired.

    When the same request is issued using In-Privacy mode the cookie is attached and expired.

    Either SharePoint or IE must detect a problem but can't find anything.

    Wednesday, November 4, 2015 10:16 AM
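
The check done by eye in Fiddler above can be scripted. This is an added example, not code from the thread or from SharePoint or Identity Server: it takes one request/response head from a capture and reports whether the request is the sign-out cleanup call, whether the FedAuth cookie was sent, whether the response expires it, and whether the response carries a P3P header. The host name, cookie values and P3P value are constructed placeholders.

```python
import re
from datetime import datetime, timezone
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

def _split(raw):
    """Return (start line, parsed headers) for one raw HTTP message head."""
    start, _, rest = raw.strip().partition("\n")
    return start.strip(), HeaderParser().parsestr(rest)

def audit_cleanup(raw_request, raw_response, cookie="FedAuth"):
    """Report whether the RP session cookie was sent and then expired."""
    req_line, req = _split(raw_request)
    _, resp = _split(raw_response)
    # A cookie the browser withholds never appears in the Cookie header.
    sent = any(part.strip().split("=", 1)[0] == cookie
               for part in (req.get("Cookie") or "").split(";"))
    expired = False
    for sc in resp.get_all("Set-Cookie", []):
        m = re.search(r"expires=([^;]+)", sc, re.I)
        # Sign-out clears the cookie by re-issuing it with a past expiry date.
        if sc.split("=", 1)[0].strip() == cookie and m:
            expired |= parsedate_to_datetime(m.group(1).strip()) < datetime.now(timezone.utc)
    return {"cleanup": "wa=wsignoutcleanup1.0" in req_line.lower(),
            "cookie_sent": sent, "cookie_expired": expired,
            "p3p_header": resp.get("P3P") is not None}

# Constructed request/response heads (hypothetical host, placeholder values).
REQ_BLOCKED = "GET /_trust/?wa=wsignoutcleanup1.0 HTTP/1.1\nHost: sharepoint.example.test\n"
RESP_NO_P3P = "HTTP/1.1 200 OK\nContent-Type: image/gif\n"
REQ_OK = REQ_BLOCKED + "Cookie: FedAuth=PLACEHOLDER; other=1\n"
RESP_P3P = ("HTTP/1.1 200 OK\n"
            'P3P: CP="PLACEHOLDER"\n'
            "Set-Cookie: FedAuth=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/\n")

if __name__ == "__main__":
    print(audit_cleanup(REQ_BLOCKED, RESP_NO_P3P))  # the failing IE case
    print(audit_cleanup(REQ_OK, RESP_P3P))          # the working case
```
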