Why browsers don't/save cookies (on different networks)?

A

Alexey Rusakov2014-10-02 13:18:41

Browsers

Alexey Rusakov, 2014-10-02 13:18:41

Good afternoon.
There is a website written by a third-party developer, hosted inside our organization on a virtual (hyper-v) Ubuntu 14.04.1 LTS: www.oursite.ru. At the moment, work is underway to modernize the site on a separate subdomain new.oursite.ru. The admin panel is located at new.oursite/-admin. Recently, a user within an organization cannot log in to the admin panel: after entering credentials, it remains on the authorization page. There is a login event in the DB, i.e. the entered data is correct. The developer said that the problem is that the cookie generated after authorization is not saved by the browser.
The strangest thing is that this happens regardless of browsers and user rights within the organization, in addition, also on the tablet via the 3G network, from some remote jobs outside the organization.
At the same time, everything on the developer's home PC functions normally: you can log in to the admin panel, log out, repeat the entry of credentials after manually deleting the cookie. Similarly, everything happens at the author's house, from a number of terminal servers. The pattern could not be identified.
And now the slides. ©
The situation when logging in from a client computer, on which everything is in order:

Web server logs for it:

client_ip - - [02/Oct/2014:11:34:21 +0400] "GET /-admin HTTP/1.1" 301 318 "-" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:21 +0400] "GET /-admin/ HTTP/1.1" 200 510 "-" "useragent_skipped" "a_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/"
client_ip - - [02/Oct/2014:11:34:21 +0400] "GET /-admin/admin.css HTTP/1.1" 200 378 "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:21 +0400] "GET /-admin/images/locked.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:21 +0400] "GET /favicon.ico HTTP/1.1" 304 - "-" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "POST /-admin/ HTTP/1.1" 200 1028 "http://new.oursite.ru/-admin/" "useragent_skipped" "a_id=MjQ6bWF0ZXk6JDEkVi92MXVUdjckaFdGN2hvcktQeDBid3dtNW5rTDRUMToxNTA5NzA5MzA5; expires=Thu, 09-Oct-2014 07:34:39 GMT; Max-Age=604800; path=/, a_id=MjQ6bWF0ZXk6JDEkVi92MXVUdjckaFdGN2hvcktQeDBid3dtNW5rTDRUMToxNTA5NzA5MzA5; expires=Thu, 09-Oct-2014 07:34:39 GMT; Max-Age=604800; path=/"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/folder-open.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/cancel.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/announce.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/edit.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/users.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /libs/js/jquery-2.1.1.min.js HTTP/1.1" 200 29497 "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/cc.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/window-2.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/upload.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/cal.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
client_ip - - [02/Oct/2014:11:34:39 +0400] "GET /-admin/images/actions.gif HTTP/1.1" 304 - "http://new.oursite.ru/-admin/" "useragent_skipped" "-"

The situation on the computer that does not work:

Log:

192.168.0.28 - - [02/Oct/2014:11:26:10 +0400] "GET /-admin HTTP/1.1" 301 318 "-" "useragent_skipped" "-"
192.168.0.28 - - [02/Oct/2014:11:26:10 +0400] "GET /-admin/ HTTP/1.1" 200 510 "-" "useragent_skipped" "a_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/"
192.168.0.28 - - [02/Oct/2014:11:26:10 +0400] "GET /-admin/admin.css HTTP/1.1" 200 378 "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
192.168.0.28 - - [02/Oct/2014:11:26:10 +0400] "GET /-admin/images/locked.gif HTTP/1.1" 200 589 "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
192.168.0.28 - - [02/Oct/2014:11:26:10 +0400] "GET /favicon.ico HTTP/1.1" 200 894 "-" "useragent_skipped" "-"
192.168.0.28 - - [02/Oct/2014:11:26:29 +0400] "POST /-admin/ HTTP/1.1" 200 510 "http://new.oursite.ru/-admin/" "useragent_skipped" "a_id=MjQ6bWF0ZXk6JDEkVi92MXVUdjckaFdGN2hvcktQeDBid3dtNW5rTDRUMTozMjMyMjM1NTQ4; expires=Thu, 09-Oct-2014 07:26:29 GMT; Max-Age=604800; path=/, a_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/"
192.168.0.28 - - [02/Oct/2014:11:26:29 +0400] "GET /-admin/admin.css HTTP/1.1" 200 378 "http://new.oursite.ru/-admin/" "useragent_skipped" "-"
192.168.0.28 - - [02/Oct/2014:11:26:29 +0400] "GET /-admin/images/locked.gif HTTP/1.1" 200 589 "http://new.oursite.ru/-admin/" "useragent_skipped" "-"

Accordingly, there is a clear difference in the line responsible for passing the cookie during authorization; Of course, on a computer on which nothing works, there is no cookie in the store.
Tell me where to look or immediately kick the developer?