This has clearly nothing to do with Tomcat, since the cookie is being set - just not accepted by the IE. This must be security issue in IE then. Maybe this MS articlewould help to tune it.

这显然与 Tomcat 无关，因为 cookie 正在设置 - 只是不被 IE 接受。这一定是 IE 中的安全问题。也许这篇 MS 文章将有助于调整它。

Have you checked that the server time is correct?

您是否检查过服务器时间是否正确？

I have had similar problems recently with IE not accepting cookies properly. After a lot of head scratching it turned out to be because the time difference between the server and client machines was so big that IE refused to accept the cookie. This was in Apache however.

我最近遇到了类似的问题，IE 无法正确接受 cookie。折腾了好久，原来是因为服务器和客户端机器的时间差太大，IE拒绝接受cookie。然而，这是在Apache中。

Try using the standard HTTP port (80). I've read about issues with port numbers in URLs regarding privacy/security in IE more than once but can't seem to find relevant links at this time.

尝试使用标准 HTTP 端口 (80)。我已经不止一次阅读过有关 IE 中隐私/安全性的 URL 端口号问题，但目前似乎找不到相关链接。

What security zone is the dev1 site part of? IE handles cookies and lots of other security differently depending on which zone (and how the zone is configured).

dev1 站点属于哪个安全区域？IE 根据哪个区域（以及区域的配置方式）以不同方式处理 cookie 和许多其他安全性。

Try setting the dev1 site to explicitly be part of the Trusted Sites for example and see what happens.

例如，尝试将 dev1 站点明确设置为可信站点的一部分，然后看看会发生什么。

Zones:

区域：

Internet
Local Intranet
Trusted Sites
Restricted Sites

Also, does the cookie have to be restricted to the /testing path? Try setting it for / and see if that makes a difference.

另外，cookie 是否必须限制在 /testing 路径中​​？尝试将其设置为 / 并查看是否有所不同。

I would try using the fully qualified hostname of the server. MSIE treats hostname without domains as being in the "Local intranet" and handles security differently.

我会尝试使用服务器的完全限定主机名。MSIE 将没有域的主机名视为位于“本地 Intranet”中，并以不同方式处理安全性。

Specifically, instead of:

具体来说，而不是：

http://devl:8080/testing/

Try using something like:

尝试使用类似的东西：

http://devl.mydomain.com:8080/testing/

I agree with Lexicore - the cookie protocol from the web server looks right, so there's something with IE. It would be easier to figure out how to address the issue if we understood better why IE is rejecting the cookie. Alternatively, ask a friend to hit the site for you in IE to help confirm its a server issue not a browser instance issue.

我同意 Lexicore - 来自网络服务器的 cookie 协议看起来是正确的，所以 IE 有一些东西。如果我们更好地理解 IE 拒绝 cookie 的原因，那么找出如何解决这个问题会更容易。或者，请朋友在 IE 中为您访问该站点，以帮助确认其是服务器问题而不是浏览器实例问题。

Here is some things to check to help debug with IE and cookies - unfortunately, there's a mess of options to check. Sorry if some of these items seem basic - I just don't wnat to make any assumptions. I'm following along in IE 8.0 for this.

以下是一些需要检查的内容，以帮助调试 IE 和 cookie - 不幸的是，要检查的选项太多了。对不起，如果这些项目中的一些看起来很基本 - 我只是不想做任何假设。为此，我正在 IE 8.0 中跟进。

First, browse to the target site (http://devl:8080/testing/) in IE. Then:

首先，在 IE 中浏览到目标站点 ( http://devl:8080/testing/)。然后：

1. Confirm what zone IE classifies 'http://devl:8080/testing/'. (This could explain why its works with Tomcat on your local machine.) The zone is displayed in the bottom bar of the browser and it most likely says "Internet". If it instead says "Local intranet", "Trusted Site", or "Restricted Site", this may be part of the problem and you should update your question or figure out why it isn't classified as Internet.

2. Double-click on the zone indicator in the bottom bar (presumably "Internet") to open the Security dialog. Is the Security Level for Internet set to Medium-high? If it isn't, this could be part of the problem and you should probably reset it back to match your users.

3. Select the "Internet" zone and then click the "Custom level ..." button to open the Security Settings dialog. Confirm the "Userdata persistence" option is set to "Enable". The "Userdata persistence" option is in the bottom 1/4 of the list of options in the "Miscenllaneous" section (near the bottom of the section just above the next section "Scripting").

4. Click OK on each dialog to close both of them.

5. On the menubar (enable it if it is not enabled), click "Tools" > "Internet Options". Select the "Privacy" tab. I know you mentioned you tried some things here, but those changes may not affect your site if your site is not in the Internet zone or if your site in the "Per Site Privacy Actions" exception list, so its best to just confirm.

6. Is the privacy setting in the Privacy tab set to Medium? If not, you may want to reset to default.

7. Click the "Sites" button to open the Per Site Privacy Actions dialog. Is your dev1 site listed? If so, remove it. Click OK to dismiss the dialog. Alternatively, you could force your dev1 site to always Allow cookies.

8. Click the "Advanced" button. Is "Override automatic cookie handling checked? If so, you might want to uncheck it to match your users. Alternatively, try checking it and checking "Always allow session cookies."

9. Click OK on each dialog to close both of them.

10. Confirm the browser is still at target site ('http://devl:8080/testing/'). Click "View" > "Webpage Privacy Policy..." to view the Privacy Report dialog. Does the list include "http://dev1:8080/testing/"? Does the Cookie column indicate "Accepted" for "http://dev1:8080/testing/"?

11. Select "http://dev1:8080/testing/" from the list. Click Summary to see the Privacy Policy. If set one for the your site, you should see it here. Otherwise, you should get a message that a privacy policy was not found. Look at the bottom of the dialog to see how the site is set to use cookies (compare, always allow, or never allow).

1. 确认 IE 将哪个区域归类为“ http://devl:8080/testing/”。（这可以解释为什么它可以在您的本地机器上与 Tomcat 一起使用。）该区域显示在浏览器的底部栏中，并且很可能会显示“Internet”。如果它改为显示“本地 Intranet”、“受信任的站点”或“受限站点”，这可能是问题的一部分，您应该更新您的问题或弄清楚为什么它没有被归类为 Internet。

2. 双击底部栏中的区域指示器（大概是“Internet”）以打开安全对话框。Internet 的安全级别是否设置为中高？如果不是，这可能是问题的一部分，您可能应该将其重置以匹配您的用户。

3. 选择“Internet”区域，然后单击“自定义级别...”按钮打开“安全设置”对话框。确认“用户数据持久性”选项设置为“启用”。“用户数据持久性”选项位于“其他”部分中选项列表的底部 1/4（靠近下一部分“脚本”上方的部分底部）。

4. 在每个对话框上单击确定以关闭它们。

5. 在菜单栏上（如果未启用则启用它），单击“工具”>“Internet 选项”。选择“隐私”选项卡。我知道您提到您在这里尝试了一些事情，但是如果您的站点不在 Internet 区域中，或者如果您的站点在“每站点隐私操作”例外列表中，这些更改可能不会影响您的站点，因此最好确认一下。

6. 隐私选项卡中的隐私设置是否设置为中？如果没有，您可能需要重置为默认值。

7. 单击“站点”按钮打开每个站点隐私操作对话框。您的 dev1 站点是否已列出？如果是这样，请将其删除。单击“确定”关闭对话框。或者，您可以强制您的 dev1 站点始终允许 cookie。

8. 单击“高级”按钮。是否选中了“覆盖自动 cookie 处理”？如果是，您可能希望取消选中它以匹配您的用户。或者，尝试选中它并选中“始终允许会话 cookie”。

9. 在每个对话框上单击确定以关闭它们。

10. 确认浏览器仍在目标站点 (' http://devl:8080/testing/')。单击“查看”>“网页隐私政策...”以查看隐私报告对话框。该列表是否包括“ http://dev1:8080/testing/”？Cookie 列是否为“ http://dev1:8080/testing/”指示“已接受”？

11. 从列表中选择“ http://dev1:8080/testing/”。单击摘要以查看隐私政策。如果为您的站点设置了一个，您应该在此处看到它。否则，您应该收到一条消息，指出未找到隐私政策。查看对话框底部以了解站点如何设置为使用 cookie（比较、始终允许或从不允许）。

Hope this helps or gives you some ideas to pursue.

希望这对您有所帮助或给您一些追求的想法。

Ref:

参考：

• http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx
• http://www.practicalmachinist.com/vb/general/how-manage-cookies-internet-explorer-181641/
• http://support.microsoft.com/kb/283185

• http://blogs.msdn.com/ieinternals/archive/2009/08/20/WinINET-IE-Cookie-Internals-FAQ.aspx
• http://www.practicalmachinist.com/vb/general/how-manage-cookies-internet-explorer-181641/
• http://support.microsoft.com/kb/283185

This forum concerning P3P seems relevant.

这个关于 P3P 的论坛似乎很相关。

Also have you considered setting your domain and expiration date for the session cookie?

您是否还考虑过为会话 cookie 设置域和到期日期？

It seems from what you're saying that you've only seen this issue in IE and only using computers in your office. Is there any sort of "security suite" installed by IT on all office computers, and if so, can you temporarily disable it? Oftentimes, these types of applications hook into IE and muck with its HTTP stack. If you do have software like that installed, do you have a "clean" installation or non-company computer you can test with?

从你说的情况看，你只在IE中看到过这个问题，而且只在你办公室里使用过电脑。IT 部门是否在所有办公电脑上安装了某种“安全套件”，如果是，您是否可以暂时禁用它？通常，这些类型的应用程序会挂接到 IE 中，并弄乱其 HTTP 堆栈。如果您确实安装了类似的软件，您是否有可以测试的“干净”安装或非公司计算机？

I ran into this exact problem, dug around for a while, and found this:

我遇到了这个确切的问题，挖掘了一段时间，发现了这个：

http://forums.iis.net/p/1147938/1879164.aspx

http://forums.iis.net/p/1147938/1879164.aspx

which says that domain names that have underscores in them cause problems with Windows Server, tomcat and IE

这表示其中包含下划线的域名会导致 Windows Server、tomcat 和 IE 出现问题

not sure if this fixes your problem (and at this point, you probably don't care) but maybe the next person who comes along can gain some value from it.

不确定这是否能解决您的问题（此时您可能不在乎）但也许下一个出现的人可以从中获得一些价值。

Problem: IE8 refused to accept cookies on a site I had built, but Firefox and IE7 worked just fine and had done so for ages - this was stable code.

问题：IE8 拒绝接受我建立的网站上的 cookie，但 Firefox 和 IE7 工作得很好并且已经这样做了很长时间——这是稳定的代码。

Solution (for me): My server is in a different time zone to the client machine. The STUPID, IDIOTIC IE8 tries to be clever and refuses to accept cookies (stored in the local client machine) with a 20 minute life. My PHP code was straight from the text book, thus:

解决方案（对我而言）：我的服务器与客户端计算机位于不同的时区。STUPID, IDIOTIC IE8 试图变得聪明并拒绝接受 20 分钟生命周期的 cookie（存储在本地客户端机器中）。我的 PHP 代码直接来自教科书，因此：

setcookie($name,$value,time()+1200);

But it works fine if I change it to, for example -

但是，如果我将其更改为例如 -

setcookie($name,$value,time()+120000);

This still leaves me with the problem of making the cookie die after 20 minutes, but at least my users can now use my website with IE8. I pass on this information in case it may help someone else.

这仍然给我留下了使 cookie 在 20 分钟后消失的问题，但至少我的用户现在可以使用 IE8 使用我的网站。我传递这些信息，以防它可以帮助其他人。