I'm a huge fan of the Live HTTP Headers plug-in for Firefox. It can be a lifesaver when it comes to debugging complicated redirects and cookie issues. Well today I was doing some debugging in IE and I wanted to see what headers were being passed to and from the server. A little looking and I found ieHTTPHeaders. The tool doesn't have all the features of Live HTTP Headers, but it lets you see request and response headers from a window in IE which is all I needed.
So today I ran into this strange issue while testing Oracle support for the next release of FarCry. I use the ACME environment for my local development (thanks to Stephen Collins!) so I had set up a virtual host named farcry_oracle.nmische.org in Apache for testing.
Does anybody see anything wrong with this?
Well, I didn't, at least not until I needed to look at something in IE. When I tried to login to the FarCry administrator I kept getting redirected to the login form. What was strange however was that I was able to login with Firefox just fine. In trying to figure this out I could see that IE was not setting the CFID and CFTOKEN cookies as expected. Now I have to admit, I probably haven't touched IE in at least two months, so my first thought was that it could be something simple like a security setting causing the issue. I went into IE's Internet Options and reset everything to the defaults. Still no luck. Next I resorted to looking at the HTTP headers to see if I could see anything strange. Everything looked fine there so I was really stumped. Upon further investigation I found a comment in the PHP documentation that finally lead me to the solution.
According to the RFCs domain names can only contain the letters (a-z, A-Z), digits (0-9), and the hyphen (-). Turns out the invalid underscore character in my subdomain was the problem. Firefox set the cookie for the invalid domain name just fine, but IE would not. Lesson learned, do not use underscores in domain names!