Session variables do not persist between requests after you install an Internet Explorer security patch


The retired, out-of-support Internet Explorer 11 desktop application has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. For more information, see Internet Explorer 11 desktop app retirement FAQ.

This article provides methods to solve the problem of missing session variables in Internet Explorer.

Original product version:   Internet Explorer 5.5, Internet Explorer 6.0
Original KB number:   316112


After you install a security patch for Microsoft Internet Explorer 5.5 or 6.0, you may encounter the following problems:

  • Session variables are lost.
  • Session state is not maintained between requests.
  • Cookies are not set on the client system.


These problems can also occur after you install a more recent patch.


The security patch prevents servers with improper name syntax from setting cookies. Domains that use cookies must use only alphanumeric characters, "-" or "." in the domain name and the server name. Internet Explorer blocks cookies from a server if the server name contains other characters, such as an underscore character ("_").

Because ASP session state and session variables rely on cookies to function, ASP cannot maintain session state between requests if cookies cannot be set on the client.

This issue can also be caused by an incorrect name syntax in a host header.
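A check for the naming rule described above, as an added example that is not part of the original article: it takes URLs or Host header values and reports the characters that fall outside alphanumerics, "-" and ".". It implements the rule as this article states it, not Internet Explorer's own code; the function names and sample host names are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def host_of(value):
    """Extract the host from a URL or a Host header value (host[:port])."""
    value = value.strip()
    if "://" not in value:
        value = "//" + value  # make urlsplit treat the input as a network location
    return urlsplit(value).hostname or ""


def cookie_name_problems(value):
    """Return the characters in the host name that the article's rule rejects.

    An empty list means the name passes. IP addresses pass, which matches the
    workaround of browsing to the server by IP address.
    """
    host = host_of(value)
    if not host:
        return ["<empty host>"]
    try:
        ipaddress.ip_address(host)
        return []
    except ValueError:
        pass  # not an IP literal, so apply the name rule
    return sorted({c for c in host
                   if not (c.isascii() and (c.isalnum() or c in "-."))})


def audit(values):
    """Map each offending input to the characters that break the rule."""
    report = {}
    for value in values:
        problems = cookie_name_problems(value)
        if problems:
            report[value] = problems
    return report


# Constructed sample inputs: site URLs and IIS host header values.
SAMPLE = [
    "http://web_server01/app/default.asp",
    "intranet.example.com",
    "dev_box.example.com:8080",
    "http://192.0.2.10/app/default.asp",
    "app-01.example.com",
]

if __name__ == "__main__":
    for name, chars in audit(SAMPLE).items():
        print(f"{name}: cookies blocked, invalid characters {chars}")
```

Running it over the host headers and server names in use shows which sites lose ASP session state and need one of the workarounds.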


To work around this problem, use one of the following methods:

  • Rename the domain name and the server name, and use only alphanumeric characters.
  • Browse to the server by using the Internet Protocol (IP) address rather than the domain/server name.


You may need to change the Microsoft Internet Information Server (IIS) configuration after you rename a server. For more information, see the References section.


This behavior is by design.


For more information about the RFC 883 specifications, see DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION.