I ran into an interesting phenomenon the first time I used IE protected mode.   I’m documenting it here, in case somebody else gets into this situation.

My test blogs are at http://pamelaproject.com, but my login page and the rest of my administrative pages are protected using HTTPS.   Past use had resulted in my having added https://pamelaproject.com to my trusted sites list in IE.

If you use the default settings for enablement of protected mode in IE,  Internet sites operate with protected mode on, while trusted sites operate with protected mode off.  When I attempted to go to my blog front page,  IE was in protected mode – but by authenticating, I changed from an Internet Site to a Trusted Site, and changed protection mode.  The result was extremely unsatisfactory.

Upon logging in, a separate IE instance started, showing an authenticated WordPress admin page.  I could view my profile or use other admin functionality.  If I tried to visit my main WordPress site blog front page content however,  I was taken to my original IE instance — where I could view my front page, but where I was not authenticated.  It was a lovely catch-22: If I tried to comment, I’d end up in IE window #1, with no user session.  If I tried to authenticate, boom!  I’d end up in the IE window #2, authenticated, but with nothing to comment on.

Fun huh?

To fix this problem, you can simply remove the https url of your site from your trusted sites list, so that everything runs in the same protection mode.  You can also meddle with your protection mode settings per site classification — after all, what’s the point in turning protection mode off for trusted sites, if doing so causes complexity rather than reducing complexity? At least if everything is in protected mode, you don’t have unasked-for windows popping up when you least expect them.  Of course, I haven’t used IE enough recently to know if there are other reasons why you would want protection turned off.   I suppose only time will tell.