RE: IE6 session state problem.

That's why I've asked you if you have the char "_" in your hostname. I had a similar problem with that. If your IE6 has this patch, it won't work at all. It looks like there's a hack attack where the malicious user takes advantage of it. Don't ask for further details.. I don't have a clue of how this works. Because of it, this patch blocks cookie transactions when the "_" is present.

To fix it, I've changed the hostname... :)
_
Dalton Iwazaki

-----Original Message-----
From: owner-resin-interest@caucho.com
[mailto:owner-resin-interest@caucho.com]On Behalf Of stefan
Sent: Thursday, September 26, 2002 14:30 Dalton
To: resin-interest@caucho.com
Subject: Re: IE6 session state problem.


Hi,

I tried to access the site via IP # instead of the domain name and sorta
worked - in that we loss session values but were able to other session
values to load.

Anyone come up with a workaround for this problem ?


----- Original Message -----
From: "stefan" <nickm@studioweb.com>
To: <resin-interest@caucho.com>
Sent: Thursday, September 26, 2002 1:13 PM
Subject: Re: IE6 session state problem.


> Hi,
>
> First - how would I create the sniffer?
>
> 2nd:
>
> I went outside of JSP and found people are having the same problem with
ASP
> and PHP. And I found this article on Microsofts site:
>
> PRB: Session Variables Do Not Persist Between Requests After You Install
> Internet Explorer Security Patch MS01-055
> The information in this article applies to:
> Microsoft Active Server Pages
> Microsoft Internet Explorer (Programming) 5.5, 6
> SYMPTOMS
> After you install security patch MS01-055 for Microsoft Internet Explorer
> 5.5 or 6.0, you may encounter the following problems:
> Session variables are lost.
> Session state is not maintained between requests.
> Cookies are not set on the client system.
> NOTE: These problems can also occur after you install a more recent patch
> that includes the fix that is provided in security patch MS01-055.
> CAUSE
> Security patch MS01-055 prevents servers with improper name syntax from
> setting cookies names. Domains that use cookies must use only alphanumeric
> characters ("-" or ".") in the domain name and the server name. Internet
> Explorer blocks cookies from a server if the server name contains other
> characters, such as an underscore character ("_").
>
> Because ASP session state and session variables rely on cookies to
function,
> ASP cannot maintain session state between requests if cookies cannot be
set
> on the client.
> RESOLUTION
> To work around this problem, use one of the following methods:
> Rename the domain name and the server name, and use only alphanumeric
> characters.
> Browse to the server by using the Internet Protocol (IP) address rather
than
> the domain/server name.
> NOTE: You may need to change the Microsoft Internet Information Server
(IIS)
> configuration after you rename a server. For more information, refer to
the
> "References" section.
>
> ----- Original Message -----
> From: "Joseph Dane" <jdane@lava.net>
> To: <resin-interest@caucho.com>
> Sent: Thursday, September 26, 2002 1:06 PM
> Subject: Re: IE6 session state problem.
>
>
> > "stefan" <nickm@studioweb.com> writes:
> >
> > > And I get a null and only in IE6? Where as in IE5 and NS4 it returns
the
> > > value assigned to it.
> >
> > could it be that cookies are disabled in IE6? also, there are new
> > privacy settings (including some idiotic P3P stuff) that can affect
> > which cookies are accepted.
> >
> > > Any ideas
> >
> > you could use a sniffer to check that IE is sending the JSESSIONID
> > cookie back to resin.
> >
> > --
> >
> > joe
>

Received on Thu 26 Sep 2002 10:33:46 -0700