Check in your auth config how the Secure attribute is being set on the auth cookie. Chrome has an exception where you can set a secure cookie on localhost (which is not technically secure). It could be that accessing it by IP is NOT subject to this exception and so the Secure attribute prevents the cookie from being sent back by the browser when accessed via http.