We seem to be having an issue with IE 11 retaining cookies on websites listed in the favorites. We have IE 11 settings configured to delete browsing history on exit. We also have the setting check marked to Preserve Favorites website data. We have one particular website that we know of that requires cookies to be present to not prompt for security questions on login. Our users are continually getting prompted for these questions on computers that should be retaining cookies and not prompting them. Has anyone seen this issue and have a way to make it work correctly? Thanks
Actually deleting cookies immediately is a Best Security Practice (we have them set to delete after 1 minute - all of them), deleting cookies on browser close is a Good Practice but leaving them indefinitely is a Bad Practice from a security and privacy standpoint. I don't see how this would pass a security audit. IE has a terrible reputation for storing sensitive data like form data and passwords. Even The Firefox dB which is password protected is insecure. I'd change their default broswers to FF, install Cookie AutoDelete add-in, and install a password manager like Dashlane. It will auto populate form data as well as auto-login to websites. You will have centralized control and its very secure.
If you decide not to take my advice, I'd also look into any add-ons in IE that could be doing so or security software, then I'd look at your GPOs and make sure something is not overriding the defaults.
What OS is IE11 installed on? (IE11 was pre-installed on Windows 8.1, but it can be installed on Windows 7-10)
Is this an RDS environment or standard PC client?
Is this happening to all users or is it isolated to a group?
Try turning off Protected Mode and tell me if the issue persists?
Does this issue occur in other browsers?
Is there anything peculiar about the domain?
I'm assuming you have tried to reset the browser, added the domain in question to the Trusted Sites...
I look forward to hearing from you shortly.