in reply to Re: [OT] 302 redirect after login result cookie lost?
in thread [OT] 302 redirect after login result cookie lost?

The answer is in
The HTTP 1.0 standard per http://www.w3.org/Protocols/rfc2109/rfc2109 in section "4.3.5 Sending Cookies in Unverifiable Transactions" says that cookies should not be set from unverifiable transactions. It states specifically that "Unverifiable transactions typically arise when a user agent automatically requests inlined or embedded entities or when it resolves redirection (3xx) responses from an origin server." So, "Set-Cookie" is not to be acted upon by browsers / user agents for 3xx redirects. Nothing in HTTP 1.1 changes this part of HTTP.
http://www.ietf.org/rfc/rfc2965.txt doesn't really change this
Thanks to
  • http://www.persistall.com/archive/2008/01/25/cookies--redirects--nightmares.aspx
  • http://jhottengineering.blogspot.com/2009/02/ie-post-and-redirect-errors.html

    Butlerian Jihad now!
    • Comment on Re^2: [OT] 302 redirect after login result cookie lost?

    • In Section Seekers of Perl Wisdom