Problem:

After upgrading Internet Explorer to a new version (versions 8 and up), users who access protected resources are re-challenged, despite having a valid session issued to them by a successful login. When analyzing the headers, it appears that the SMSESSION is missing from the header. This behavior does not appear in either Chrome or Firefox and appears to be IE-specific.

Cause:

Recent versions of IE (versions 9 through 11) have security features that can sometimes "scrub" SMSESSION cookies from the headers if the protected application is not listed as a "Trusted Site" in the Windows OS "Internet Options" settings. By default, the option "Allow all cookies" is disabled by default for zones that are not part of "Local Intranet" zone, which can cause the stated behavior.

This can result in frequent re-challenges between protected applications in the same Domain or Realm, as the SMSESSION information is "lost" in this manner.

 

Workaround:

Make sure that in all IE deployments that non-Local Intranet zones "trust" the protected application, and that "Allow all cookies" is subsequently enabled to address this issue. In environments with many IE workstations deployed; this may require coordination with Windows user access administrators.

Additional Information:

http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies

Blocking cookies might prevent some pages from displaying correctly, or you might get a message from a site letting you know that you need to allow cookies to view that site.

To allow cookies

Open the desktop, and then tap or click the Internet Explorer icon on the taskbar.

Tap or click the Tools button Tools button, and then tap or click Internet options.

Tap or click the Privacy tab, and under Settings, move the slider to the bottom to allow cookies, and then tap or click OK.