Persistent cookies are not shared between Internet Explorer and Office applications
Missing persistent cookiesWhen Office applications communicate with the Web server, they do not send persistent cookies that are saved by Internet Explorer back to the Web server. This behavior may result in the following situations for a Web application that expects these cookies:
- Loss of session state
- Loss of transactional awareness
Missing temporary filesContent that is downloaded by Internet Explorer appears to be missing in the temporary-files cache. This situation may cause the following symptoms:
- Files are downloaded two times before they are opened. (That is, double GET requests are made.)
- Changes that are made to the file in one session may not be available to the other session. Therefore, the behavior of a Web application may be altered.
Authentication prompts or logon-page redirectionsIn the following scenarios, certain Single Sign-On (SSO) solutions that rely on persistent cookies for cross-application awareness may not work as expected:
- An Office application tries to open the document from a Web-service-aware document library such as a SharePoint site.
- An Office application tries to save the document from a Web-service-aware document library such as a SharePoint site.
- An Office application tries to interact with the document from a Web-service-aware document library such as a SharePoint site.
- Files that are set by Web sites under that mode
- Persistent cookies that are set by Web sites under that mode
To access Protected Mode in Internet Explorer, click Internet Options on the Tools menu, and then click Security. Protected Mode is enabled or disabled on a per-zone basis.
External applications that use the Microsoft Windows Internet (WinINet) API continue to use the regular cache location. These applications use this cache location even if the Web content with which they are working is in a zone that has Protected Mode enabled. This behavior causes a compatibility issue for existing Web clients. However, this behavior prevents the effective sharing of cache information between Internet Explorer and Office.
By default, Internet Explorer 7 and higher does not use the isolated cache location for the protected security zone. Therefore, when you make the site a trusted site, you enable the Web to save persistent cookies and temporary files to the regular cache. In this location, persistent cookies and temporary files are available to Office applications.
Note You can enable Protected Mode for the Trusted Sites zone by using the Internet Options dialog box. However, if you take this action, this issue may reappear. Therefore, if you want this resolution to work, you must leave Protected Mode disabled for the Trusted Sites zone.
When Internet Explorer 7 and higher runs in Protected Mode, Internet Explorer runs under a reduced security token. This token restricts the ability of Internet Explorer to access resources on the computer. The isolated cache is the only writable location that Internet Explorer has when it runs in Protected Mode. Internet Explorer is intentionally isolated from applications that are running under a regular security token. This behavior prevents the accidental elevation of user rights if Internet Explorer becomes compromised. However, this increased isolation comes at the cost of a less seamless interaction with other applications such as Office.
You can obtain more information about how to use SSO authentication together with Office SharePoint Server 2007. You can also obtain more information about the susceptibility of SSO authentication to this issue when SSO authentication is used together with Office SharePoint Server 2007. For more information, visit the following Microsoft TechNet Web site:
For more information about the isolated cache, visit the following Microsoft Developer Network (MSDN) Web site:
Article ID: 932118 - Last Review: 09/23/2011 11:27:00 - Revision: 4.0
- kbtshoot kbprb KB932118