DOCUMENT:Q299353 04-JUN-2001 [msdn] TITLE :Passport Cookies Are Not Deleted When a User Signs Out PRODUCT :Microsoft Developer Network PROD/VER::1.4 OPER/SYS: KEYWORDS: ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Passport, version 1.4 ------------------------------------------------------------------------------- SYMPTOMS ======== Passport cookies are not deleted when a user signs out of the site. CAUSE ===== Several issues can cause Passport cookie deletion to fail. See the "More Information" section for information on how to determine the cause of the failure. MORE INFORMATION ================ - Check the Site ID value that is set in the Passport Manager Administration utility. If the value is set to 1, your site is in test mode. While Passport Manager is in test mode, Passport cookies remain on the user's browser until the browser is closed, and a sign-out check-mark image is not displayed on the Passport server logout page. Complete the registration process and edit the Site ID value to reflect your site's Site ID. Passport Manager does not and cannot delete cookies while the Site ID is set to 1. Change the Site ID value in the Passport Manager Administration utility to the value that was given to you when you received your Passport encryption key. For more information, see the following Microsft Passport Software Development Kit (SDK) Web site: Test Mode http://www.passport.com/sdkdocuments/sdk14/Reference/Operations/testmode.htm - Ensure that the path and file name of your cookie-delete page matches the ExpireCookieURL that you provided when you registered your site, and also ensure that the cookies are written to the same domain and path that is specified in the Passport Manager Administration Utility. - Ensure that the cookie domain field in the Passport Administration Utility is preceded with a dot (.) if you share Passport cookies with multiple sites in a larger secondary domain. Some earlier versions of Netscape browsers do not delete cookies from a root that does not have a leading dot specified in the domain of the cookie when writing headers to delete cookies. For example, "msn.com" may not work in this case, but ".msn.com" does. - Ensure that your cookie-delete page be served from your Web site root to make sure that it has permissions to delete any possible paths where Passport cookies have been written. This is strongly recommended, because otherwise your cookie-delete page may not have rights to delete all necessary cookies, as determined by the cookie access rules that are enforced by client browsers. To test this, set and then delete some of your own cookies in various paths. - If your site uses multiple servers with Passport Manager installed, ensure that all of the servers are writing the cookies to the same domain and path, and also make sure that all of your cookie-delete pages are in agreement. - Open your cookie-delete page directly with a browser, making sure that the browser session has established Passport cookies in your site. It should return a check mark image. If it does not, there may be underlying Active Server Pages (ASP) errors. Your cookie-delete page should always return an image, even if you are using more sophisticated code that can detect deletion failures. Your site's cookie-delete page is loaded as an image, not as a file include, when it is called by the Passport network. - Ensure that your cookie-delete page specifies its output response file type as an image. Some Microsoft Internet Explorer browsers (depending on security patches) do not load any URL that is called as an unless the MIME type that is returned through that URL really specifies an image as content type. - If the problem is isolated to Internet Explorer version 6 beta browser users, ensure that your your cookie-delete page is setting a Platform for Privacy Preferences (P3P) mini-header, which is required for proper cookie deletion on that browser. This is due to the implementation of P3P code in that browser and its effect on certain cookie-delete scenarios. For details on P3P, Internet Explorer 6, and the specific mini-header requirements, see the following Passport SDK Web site: Passport and P3P http://www.passport.com/sdkdocuments/sdk14/Implementation/p3p.htm - Check the browser preferences on the browser that is being used for testing. Internet Explorer 6 and other browsers permit certain non-default security zone or advanced settings that prevent proper cookie read or write operations. Allowing for cookie sets, writes, and deletes is a requirement for any browser user when using Passport services. Additional query words: ====================================================================== Keywords : Technology : kbMSNSearch kbPassport140 kbPassportSearch Version : :1.4 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.