Authenticated vs. Anonymous Access

When you click a button on a page in the CML Web application to read or submit a critique, a window is opened onto the Web version of the LitCrit form. The current ASP session, maintained by the CML application, is used to create the Microsoft Internet Explorer window to the LitCrit form, and the ASP SessionID is passed to the Web server.

When you execute a window.open command, you share a session with the parent window. In this case, the parent window is that of Outlook Web Access, and OWA sessions can be either authenticated or anonymous.

As originally designed, anonymous access would be used for reading critiques, and authenticated access would be reserved for opening a critique form in read/write mode.

If your first request is to write a critique, for example, you are logged on with an authenticated session. A subsequent request to read a critique needs only anonymous access, but that request fails because anonymous access specifically is required. (In this case, anonymous rights are not included in the rights of the authenticated session already in effect.) You then see an error message.

In the reverse scenario, you first read a critique and then try to submit a new one. This request fails as well, because the rights of the initial (anonymous) session are insufficient for submitting (writing) a critique. You cannot switch between these two types of request in a single session.

To fix this problem, several alternative solutions were considered: