Whenever I try to login, I get a message stating that I don't have cookies enabled. What's going on?

Under normal operation the Web site uses the HTTP protocol to deliver content. In a small number of cases we use HTTP with SSL encryption (commonly referred to as HTTPS) to protect the security of the data moving across the network. Our login procedure is one such case.

When one tries to access a resource on the Web site, the system checks for the presence of a login ticket (or, more generically, a cookie). If there is no ticket available, the browser is redirected to a URL (using HTTP) where the person enters a login and password. When the person clicks the Log In button, the login and password are delivered to the Web site via HTTPS, and the Web site returns a login ticket via HTTPS. Finally the Web site returns the person to the original Web page or resource via HTTP. If anything goes wrong during this process, we deliver an error message about cookies not being enabled, which is the most common cause of failure. The next most common failure is when a site uses a proxy server or firewall, but only proxies HTTP, not HTTPS, and so the transaction fails.

The work around is to force the entire transaction through HTTPS. Here's an easy way to do that:

  1. Go to this page: http://www.icpsr.umich.edu/mydata?path=ICPSR

  2. This should redirect you to the error page about cookies not being enabled. The URL in the "Address bar" should look like this:


  3. Modify the URL above, adding in an "s" between the "p" in "http" and the semicolon. It should now look like this:


  4. Enter your MyData login and password, and click the Log In button.Or click the Log In Anonymously button.

  5. You should now have this URL in your "Address bar"(http://www.icpsr.umich.edu/mydata?path=ICPSR) and have a list of account-related actions you can take. The important thing, though, is that you now have a ticket (cookie) and should be able to download resources. If you click the logo at the top of the page, that will return you to the home page, and you can then use the Web site as usual.

Please note that you cannot combine steps (1) and (3) by starting at a HTTPS-delivered version of the home page, because you will still be redirected to an HTTP-type link for the login page after performing step (2). Thus step (3) will still be necessary, and it will also force many web fetches to incur the SSL encryption overhead on both our server and your desktop machine.