The information in this article applies to:
SYMPTOMSAfter you upgrade to Internet Explorer version 5.0, you cannot log on to a site using an HTML Authentication Form. When you submit username and password details, the HTML Authentication Form reloads and asks for the username and password again, but no error message is returned. CAUSESite Server 3.0 Authentication Forms use an ISAPI Filter called an Auth Filter. This filter returns a cookie that is used to establish session authentication. If the domain name of the server hosting the site is international (for example www.microsoft.com.au), then the default installation of Site Server 3.0 sends the FormsAuth cookie with a domain of com.au. Internet Explorer versions 5.0 and later reject this cookie, as it does not clearly indicate the origin of the cookie and therefore is a potential security risk. Site Server 3.0 Authentication Forms return only com.au for the FormsAuth cookie domain because the default installation of Site Server 3.0 sets the global configuration variable CookieScope to a value of 2. RESOLUTION
To resolve this problem, apply the latest Site Server 3.0 service pack.
STATUSMicrosoft has confirmed this to be a problem in Site Server version 3.0. This problem has been corrected in the
latest U.S. service pack for Site Server version 3.0. For information on obtaining the service pack, query on the
following word in the Microsoft Knowledge Base (without the spaces): S E R V P A C K Additional query words: cookie SS3 SP1
Keywords : |
|
Last Reviewed: May 13, 1999 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |