We have an ASP.NET application running on .NET 3.5 and are running into a problem with the forms authentication cookie not being set on IE9. We can see in the HTTP headers that the Set-Cookie header exists in the response, but the following request does not include that cookie.

I’ve tried changing every setting in IE that I could find that might relate to cookies and nothing helped. Specifically:

Tools > Options > Security > Trusted Sites > Added..

Tools > Options > Security > Uncheck ‘Enable Protected Mode’

Tools > Options > Privacy > Accept All Cookies (lowest)

Tools > Options > Privacy > Sites > Added..

Tools > Options > Privacy > Advanced > Override automatic..

Tools > Options > Privacy > Advanced > Always allow session cookies

Here’s the headers for the response with the cookie followed by the next request which doesn’t include it:

HTTP/1.1 302 Found
Date: Sun, 29 Jan 2012 01:45:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: /Default.aspx
Set-Cookie: MyApp=34C244EF0AAD...; expires=Sun, 29-Jan-2012 03:45:17 GMT; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 8520

    
GET /Default.aspx HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://app.myserver.edu/sec/login.aspx
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0; MALC)
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: app.myserver.edu
Pragma: no-cache
Cookie: ASP.NET_SessionId=nybswv45aezj5wioscv832jg

Is there any way to find out why IE9 is not setting the cookie? Anything I can adjust in my Web.config that would affect this? My authentication section is this:

    <authentication mode="Forms">
        <forms name="MyApp" loginUrl="/sec/login.aspx"/>
    </authentication>