Reputation: 119
I am experiencing a weird problem with cookies and how they work in IE10. When the browser sends a request, the server returns the following response:
HTTP/1.1 200 OK
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID-8180=z0jgejq0vz0n15ov6b0eh0lru;Path=/foo
Set-Cookie: csrfToken=078ac03d0b0f5f3b9b8158816d49dcadec9ed92b
Pragma: no-cache
Cache-Control: no-store
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 83
Server: Jetty(6.1.23)
<script>window.location.href = "http://localhost:8080/foo/bar";</script>
Then the browser is redirected to the URL above. But the request is missing one of the cookies (csrfToken) it got from the server:
GET http://localhost:8080/foo/bar HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://localhost:8080/foo/bar/referer
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
DNT: 1
Host: localhost:8180
Cookie: JSESSIONID-8180=z0jgejq0vz0n15ov6b0eh0lru
Worst of all - I can't reproduce it on my local machine - these are logs I got from my client. Chrome and FF also work fine.
Why does IE not send it back? Did it lose it, or are there some settings I can play with? I appreciate any help - I would be glad even to reproduce that...
Upvotes: 2
Views: 510
Reputation: 12036
You can't set the same header twice in that case:
Set-Cookie: JSESSIONID-8180=z0jgejq0vz0n15ov6b0eh0lru;Path=/foo
Set-Cookie: csrfToken=078ac03d0b0f5f3b9b8158816d49dcadec9ed92b
Change it to:
Set-Cookie: JSESSIONID-8180=z0jgejq0vz0n15ov6b0eh0lru;Path=/foo,csrfToken=078ac03d0b0f5f3b9b8158816d49dcadec9ed92b;Path=/foo
It is against the current RFC, but that's how it works...
Upvotes: 1
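
An added example, not part of the question or the answer above: the RFC 6265 default-path and path-match rules applied to the two `Set-Cookie` headers from the question, which is one thing to check when a cookie without a `Path` attribute goes missing. The question does not show which URL produced the response, so the response paths below are assumptions, and the code models the RFC rules rather than IE's own implementation.

```javascript
// RFC 6265 section 5.1.4: default-path used when Set-Cookie has no Path attribute.
function defaultPath(requestPath) {
  if (!requestPath || requestPath[0] !== "/") return "/";
  const lastSlash = requestPath.lastIndexOf("/");
  return lastSlash === 0 ? "/" : requestPath.slice(0, lastSlash);
}

// RFC 6265 section 5.1.4: does the request path fall under the cookie path?
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Parse one Set-Cookie header value; only name, value and Path are modelled.
function parseSetCookie(header, responsePath) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    path: defaultPath(responsePath), // scope inherited from the response URL
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=");
    if (key.trim().toLowerCase() === "path" && val.trim().startsWith("/")) {
      cookie.path = val.trim();
    }
  }
  return cookie;
}

// Names of the cookies a jar following RFC 6265 would attach to the next request.
function cookiesSent(setCookieHeaders, responsePath, nextRequestPath) {
  return setCookieHeaders
    .map((h) => parseSetCookie(h, responsePath))
    .filter((c) => pathMatch(nextRequestPath, c.path))
    .map((c) => c.name);
}

// The two headers from the question's response, each parsed as its own header.
const headers = [
  "JSESSIONID-8180=z0jgejq0vz0n15ov6b0eh0lru;Path=/foo",
  "csrfToken=078ac03d0b0f5f3b9b8158816d49dcadec9ed92b",
];

// Assumed response paths: the first is the Referer from the question, the second is hypothetical.
for (const responsePath of ["/foo/bar/referer", "/foo/login/check"]) {
  console.log(responsePath, "->", cookiesSent(headers, responsePath, "/foo/bar"));
}
```

Giving `csrfToken` an explicit `Path=/foo` removes the dependency on the URL that set it, whichever way the headers are emitted.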