I have a partly inherited web application in PHP and after poking around with Fiddler I have a little more data than before. The problem I’m trying to solve is unwanted logouts on IE6/8 but not FF/Chrome. If a user clicks between different pages, the login data cookies vanish.

The behavior is different in FF vs. IE, and the reported information is different in almost exactly the same way between Fiddler(/IE) and Live HTTP Headers(/FF).

In Firefox the cookies appear to be treated like the PHP specifies: they are created when the user logs in and checks “Remember me”, and they are only deleted if the user visits the logout page, and they have a two week expiration date. Live HTTP Headers report nothing different: the cookies are never reported as being changed or deleted when the user clicks between pages.

But with IE, they disappear when the user clicks between different pages, and Fiddler reports,

Cookies / Login
    Set-Cookie: *******=deleted; expires=Sun, 29-Jun-2008 21:07:46 GMT; path=; domain=.********.com
    Set-Cookie: *******=deleted; expires=Sun, 29-Jun-2008 21:07:46 GMT; path=; domain=.********.com

(‘deleted’ is literally quoted from Fiddler’s output. I do not have any place in my code where either value is set to a magic string of ‘deleted’.)

Not only do IE and Firefox have different interpretations of how the site is saying but Fiddler and HTTP Live Headers report correspondingly different versions of what the site does.

Is there something special about IE and ‘deleted’? This may sound strange, but does IE want cookies to be re-enabled with each page view or something like that?

And how can I appease IE to bless the cookies in question as not deleted by the server unless the user requests it by visiting the logout URL?