asked on
IE 11 cookies & deleting on exit
We seem to be having an issue with IE 11 retaining cookies on websites listed in the favorites. We have IE 11 settings configured to delete browsing history on exit. We also have the setting check marked to Preserve Favorites website data. We have one particular website that we know of that requires cookies to be present to not prompt for security questions on login. Our users are continually getting prompted for these questions on computers that should be retaining cookies and not prompting them. Has anyone seen this issue and have a way to make it work correctly? Thanks
VulnerabilitiesWindows 10Internet / Email SoftwareCyber SecurityWeb Browsers
Last Comment
Blue Street Tech
Cookies are separate from Favorite website data so your current settings aren't going to keep them. Instead, you need a utility to let you keep specific cookies:
http://www.ampsoft.net/utilities/CookieMonster.php
http://www.ampsoft.net/utilities/CookieMonster.php
@Davis McCarn - that is not correct, in IE11 Preserve Favorites website data preserves cookies and temporary Internet files.
ASKER
We are running on Win 7 in a standard PC client environment. This is happening to all users. Our business has standardized on IE as our browser and does not allow other browsers to be utilized. Nothing odd about the domain at all, it is a regular domain. We do understand the risks involved in not deleting cookies and temp files and do so on all non-favorite sites. Thank you for your suggestions and please keep sending more.
Sorry the notification for your reply slipped through the cracks. You didn't address many of my questions. Namely,
Try turning off Protected Mode and tell me if the issue persists?
Have you cleared your GPOs from interfering with this event?
Try turning off Protected Mode and tell me if the issue persists?
Have you cleared your GPOs from interfering with this event?
ASKER
We have verified that GPOs are not interfering with this issue and have Protected Mode turned off. It is still clearing cookies when users exit IE11.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Actually deleting cookies immediately is a Best Security Practice (we have them set to delete after 1 minute - all of them), deleting cookies on browser close is a Good Practice but leaving them indefinitely is a Bad Practice from a security and privacy standpoint. I don't see how this would pass a security audit. IE has a terrible reputation for storing sensitive data like form data and passwords. Even The Firefox dB which is password protected is insecure. I'd change their default broswers to FF, install Cookie AutoDelete add-in, and install a password manager like Dashlane. It will auto populate form data as well as auto-login to websites. You will have centralized control and its very secure.
If you decide not to take my advice, I'd also look into any add-ons in IE that could be doing so or security software, then I'd look at your GPOs and make sure something is not overriding the defaults.
What OS is IE11 installed on? (IE11 was pre-installed on Windows 8.1, but it can be installed on Windows 7-10)
Is this an RDS environment or standard PC client?
Is this happening to all users or is it isolated to a group?
Try turning off Protected Mode and tell me if the issue persists?
Does this issue occur in other browsers?
Is there anything peculiar about the domain?
I'm assuming you have tried to reset the browser, added the domain in question to the Trusted Sites...
I look forward to hearing from you shortly.