Problem with 2 letter domain names, Internet Explorer and cookies

If the problem really is as you describe it, I think the fix may be elsewhere. That line that strips the 'www' is only a convenience thing to allow users to log in to www.ba.za and ba.za equivalently. Removing it from cookie.domain em>should make the cookie valid for both at once. Either way the cookie should be setting for you as *.ba.za

but... It could be something different that's breaking ... you say just a 2+2 domain? xx.xx ? Hm. OK, that's pretty rare! But all the more reason for me to suspect it's not been found or fixed before.

So, um, it would help to know which version of IE you are using. IE3 was probably pretty bad at cookies ;-)

I just spent literally 8 hours over the past two days trying to solve this problem! I've got the domain "1z.tc" (I needed a two letter domain name, and .tc was one of the few available) and yes, I have exactly this same problem. With IE7 (not IE3.)

I ended up adding the following on lines 306..308 of bootstrap.inc after the if {} statement mentioned by hsbis.

// BEGIN HACK -- See: http://drupal.org/node/280623
ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
// END HACK

I used $_SERVER['HTTP_HOST'] instead of hardcoding because I use a HOSTS file that masks "http//1z.com" for local testing and (now) a "http//www.1z.tc" for deployment. FYI, "http//1z.com" had no problem logging in.

I also had to add the following to my .htaccess because I could not make "http://1z.tc" work, I could only make "http://www.1z.tc" work:

# Force WWW because Drupal & IE7 doesn't like five (5) 
# char domains (http://www.1z.tc is okay, but not http://1z.tc)
RewriteCond %{HTTP_HOST} ^1z\.tc$ [NC]
RewriteRule (.*) http://www.1z.tc/$1 [L,R=301]

Uggh. What a waste of what could otherwise have been a productive 8 hours. Now I'm 8 hours behind.

Any chance for a fix, and have the code fire an error that says domains like "http://xx.xx" are not supported and must use "http://www.xx.xx" to keep others from have to go through the same 8 hour nightmare?

I can confirm this problem. All versions of IE (including IE7) are having this problem. I use almost same solution (http://drupal.org/node/165736#comment-264229). But I hate hacking the core. I will check Drupal 6, but I think, it will be same. :-(

That's a really crazy issue: http://support.microsoft.com/kb/310676

I see no clean way of solving this, so I'm won't fixing it.

Drupal 6 is probably not affected. As a workaround, you could try using this is your settings.php:

  ini_set('www.ba.za');
  $cookie_domain = "pleasedontsetcookiedomain";

I confirmed that http://support.microsoft.com/kb/310676 fixes the issue on IE7 with two letter domain names. What a wacky fix having to put the TLD in backwards in regedit!

For example, myhost.xy.ca, where "ca" stands for Canada. However, you must enter the value field as "ac."

hi, I still have the problem with my http://ro.ma website and Drupal 6. Do you have some fix for Drupal 6 about this bug?

(Update: adding "WWW." to my domain make it work on IE. Still no chance to have my website working on IE as simply: http://ro.ma . Any workaround greatly appreciated)

The problem is still present for Drupal 6.x and IE7 - for two-letter domains (danish .dk in my case). I had to use the core hack by hsbis - commenting out the removing of "www" from cookie domain in conf_init() function in /includes/bootstrap.inc.

Also my cookie domain is set to www.NN.dk. This means, that I can't use NN.dk when logging in, which I've fixed by rewriting all trafic to www.NN.dk - as mentioned by MikeSchinkel in #2

Maybe a setting somewhere to make the removing of www in cookie domain in conf_init() voluntary?

The problem is still present in Drupal 6.22 and IE9 for short domain names such as "ab.be".

hsbis solution to comment out the line and the redirect all requests to the www.* domain works.

I can confirm that this issue is also still present in Drupal 7.15 and IE9 for short (2-letter) domain names like "ab.nl".

I applied the solution suggested by hsbis to outcomment lines 789 - 791 in includes/bootstrap.inc like so:

// if (strpos($cookie_domain, 'www.') === 0) {
// $cookie_domain = substr($cookie_domain, 4);
// }

The above prevent Drupal from stripping the "www." from the string set in your $cookie_domain.
Directly under the outcommented lines I explicitly set $cookie_domain to the referrer like suggested in #2:

// BEGIN HACK -- See: http://drupal.org/node/280623
ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);
// END HACK

While the above solved the problem of IE9-users not being able to log in, I feel like it should not be neccesary to hack Drupal core in order to make this possible. Like mazaza suggests in #7, it would make more sense to create a setting somewhere in Drupal that allows users to voluntarily remove "www." from the cookie_domain variable. Any thoughts on this?

Reopening this issue, as it seems to persist in several (all?) versions all the way through to 7.15

Yes, this is a persistent issue, but no one seems able to fix it without (as Dave Reid notes) a regedit on the user side, which isn't really a viable fix.

I faced the same problem today, I discovered that it is coming from one of my toolbars installed on IE, it's called pdfforge.
If you have it then disable it and restart IE, If you don't have it then try to disable other toolbars and restart IE.
I hope this will work.. please provide us with your feedback so that we can close this problem.

Thanks

#9 helps me from 7.15 to 7.28, still waiting when it will be committed to core.

The problem is this can't be committed because we don't *want* core to set www-containing cookies in the majority of cases. A real patch will need to turn this into a configuration setting of some kind, ideally along with documentation on how to re-route incoming IE users to a www.-version of the domain.

Redirecting 2 letter domain with www. will work in IE. But it may create problem if this domain have subdomains.

I have no problem logging into 2 letter domain using IE11 and Edge for D7 and D8.

My setup:
Virtual machine with Drupal 8.3.x and Drupal 7.50

Domain names tested:
d7.local, d8.local, d7.lo, d8.lo, www.d7.lo, www.d8.lo

Login via /user works for IE11, Edge and Chrome.

I have tested IE9 as emulated browser without problem also.

@dillix is this still a problem?

Yes, we have problem in IE also in D7.50, so we applied old hack from #9

@dillix which IE version and OS version are you running?

Do you use the /user login or a Login block?

Trying to verify bug.

@kristofferwiklund We use Win7, IE11 on /user/login