Two of the websites we built at work kept kicking me out. For some reason, I kept losing my session cookie, and I kept getting redirected to the login page. Since I spend a fair amount of time working with these sites, it was annoying to have to keep re-supplying my login and password every few minutes.
This went on for months, but none of the developers could replicate it. I asked around, and this wasn’t happening to anyone else. I eventually came to the realization that something must be wrong with my system. I tried reinstalling IE6. I also removed all my browser add-ons, but the problem kept happening. (I’m stuck using IE because it’s the principal target browser for our sites, but thanks for the Firefox suggestion, Darren. I’m using that at home.)
After more tinkering, I noticed that I kept getting kicked out of the site every time it popped open a new window. More playing with it proved that I could prevent the session cookie loss by manually creating a new browser window as soon as I logged in. After that, everything was fine. Armed with this new information, I asked my colleague Denis to see if he could find a solution. Master Googler that he is, he found Microsoft’s admission to an IE bug within a few minutes.
It turns out that the thing I was doing differently from everyone else was that I had my browser homepage set to an HTML document on my desktop with my work links on it. By linking to the sites from this page, accessed via the file:// method, I was setting myself up to lose my session as soon as the site popped open a new window.
The fix was as easy as putting my custom browser homepage on a remote server so I could access it via http:// instead.
I probably wasted half a day trying to fix this, based on the assumption that I or the developers had done something wrong. Bugs are a fact of life, but what’s particularly irritating is that Microsoft has allowed this bug to go unfixed to exist since IE version 5.5sp1. That’s 3 years! Ugh.