IIS not recognizing cookie when linked via Word File

Question

We are running IIS 7 and session cookies, but because we have links in external Word documents that we want to be "secure" - (ie people need to be logged in to view them), we set up some code to create a persistent cookie once a user logs in and to check that before serving the linked content. This works fine for:

1) when copying the link url and pasting it directly into the browser. 2) when doing this on our local web server that comes with Visual Studio 8 (not IIS Express)

But when clicking on a link in the Word document that points to a file on the server itself, the site fails to find the cookie and so redirects to the login page (even when the user has just logged in (and thus just set that cookie - and I can see that cookie in a cookie management tool with an experiration date-time that's 20 minutes out).

Is there some kind of server setting we are missing, or is there some funkiness when opening a url from an external file that prevents a cookie from being read? That seems wrong because we can do it fine when the server is local and accessing the localhost domain, but who knows!

Any help would be appreciated, thanks!

Answer 1

Well, I haven't found any setting, and we're talking to our hosting company to see if they know of anything that could be blocking the cookie from being read.

However, I thought of a workaround that seems to work. Basically the workaround is to instead of linking to the aspx page that does the cookie check and then redirects, to instead have the link go to an intermediary html page. That page has JS that parses the url for the file parameter of the link and redirects the user to the aspx redirect page, passing on that parameter. When doing it this way, for whatever reason, the cookie is read properly and the file is served.

I'm still unclear whether this is some security quirk in IE, or a server setting, but at least this workaround seems to get the job done!