Python generated cookies not working properly with Internet Explorer

Hi,

I've been asked to "fix" some python / CGI code on one of our products. The cookies worked fine in Firefox, but were timing out after a couple seconds in Internet Explorer 6.x.

I have had some experience with Python before, but that's about it. After mucking 'round within the code for a couple of days, I was unable to find an obvious cookie error. The ex-dev looked like they knew even less than me, and it was hardly secure.

I took out the cookie code, and replaced it. But we're running into a weirder set of problems:
1) It looks like the cookies are not being stored by IE. They are not showing up as a "Cookie:.." text file in the Temp Internet Files directory.
2) The attached code shows the cookie code in a simple test. In IE, hitting the 'login' button often brings you back to the login.cgi page. Changing the security settings makes no difference here...

Could these problems have the same root? Is it the cookie code? What am I missing?
login.cgi.txt
main.cgi.txt
mycookie.py.txt
PhyrePhoxAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

PhyrePhoxAuthor Commented:
Solved.

TCP dumping showed that IE was sometimes truncating the cookies (probably due to the binary data), so we encrypted them in base64.

The second part of the question is as SSL issue / IE issue, which was fixed by changing the apache config
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PhyrePhoxAuthor Commented:
The SSL link is here:
http://www.rupertjones.com/weblog/archives/000073.php

and here:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49

Which basically instructs you to put the following in the virtual host directive of your Apache config:

    SetEnvIf User-Agent ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0

0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.