I moved a very old 3.x based site from an old Linux server to a new one. This involved upgrading a number of things, including AOLserver (because I couldn't get the old version to build, and it didn't seem worth the effort to try). I thought everything was working fine until we discovered that IE users can't log in. No problem for Safari or Firefox, just IE.
I traced it down to the ad_session_id cookie. If one is using a sane browser, the cookie is written like so:
24698311,8645,aWDAN94COzn2OJxUFsMysXGu8EwX0FLr,1253291978; Path=/; Max-Age=86400
and read back as
However, if one is using the devil's browser :), it gets written properly:
24700551,8645,izOJSRoH5HeejpBwNjQm7Y1BugyQSaJk,1253291697; Path=/; Max-Age=86400
but reads back like this:
Two things have changed - the user_id is now zero, and the last_issue timestamp has increased.
I know this looks like it is being written again somewhere else, but I've examined every instance of ad_session_id everywhere in the code (it only appears in tcl/ad-security.tcl) and put an ns_log statement in ad_set_cookie and there is no sign of it being set again. I have read it back right after setting and it is correct at that point.
It really makes no sense; it looks like there must be some code rewriting the cookie that I have not found, but how could that possibly happen only for Internet Explorer???
Has anyone run into anything like this? I have Googled, but nothing even remotely similar is coming up.
I have IE 7; the client says they have also verified it happens with IE 8.