One would expect that opening a hyperlink from a Word/Excel document simply starts the default browser with the desired URL. Strangely enough, this is not the case, which leads to unpleasant side effects and makes links to pages protected by a session/cookie-based login impossible to use from these Office programs.
The module that Microsoft itself names "User Agent: Microsoft Office Existence Discovery" is to blame for this problem, as it preloads the link in the background and follows any redirects. The problem can be reproduced as follows. First, create two files named "loggedin.php" (the page in the logged-in state) and "login.php" (the login page):
After calling "loggedin.php" directly in the original state, you are sent straight to "login.php", where the cookie "logged_in" is set immediately. After calling "loggedin.php" again, you get the message "you are logged in". If you now link to "loggedin.php" from within Word or Excel (from version 2007), you always end up directly on "login.php", no matter whether you have logged in before or not.
The Office programs start a component of Internet Explorer in the background to check whether the URL exists. Any redirects are also followed to the end, and the last URL that no longer redirects (in our case "login.php") is returned and opened in the default browser. A possible solution is to intercept and block the background call on the first page:
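One way to write that check at the top of "loggedin.php", as an added example rather than the original page's listing: it matches the user agent named above and answers with an empty 200 response, so there is no redirect for Office to follow. The function name `is_office_link_probe` and the `isset()` test on the "logged_in" cookie are assumptions.

```php
<?php
// loggedin.php (added example; file and cookie names follow the text above)

/**
 * True when the request comes from Office's background link check rather
 * than from the user's browser. The only marker used is the user agent
 * named in the text; check your own access logs before adding others.
 */
function is_office_link_probe(string $userAgent): bool
{
    $markers = ['Microsoft Office Existence Discovery'];
    foreach ($markers as $marker) {
        if (stripos($userAgent, $marker) !== false) {
            return true;
        }
    }
    return false;
}

$userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';

if (is_office_link_probe($userAgent)) {
    // Answer 200 with an empty body and no Location header, so Office keeps
    // this URL and hands it to the default browser unchanged.
    // The User-Agent header is client-controlled: this branch must never
    // return protected content or create session state.
    http_response_code(200);
    header('Content-Type: text/html; charset=utf-8');
    header('Cache-Control: no-store'); // keep the empty page out of shared caches
    exit;
}

// Normal browser request. Assumption: the page treats the mere presence of
// the "logged_in" cookie as the logged-in state.
if (!isset($_COOKIE['logged_in'])) {
    header('Location: login.php');
    exit;
}

echo 'you are logged in';
```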