Cannot Log on Using HTML Authentication Form after Upgrading to Internet Explorer 5.0ID: Q225250
|
After you upgrade to Internet Explorer version 5.0, you cannot log on to a site using an HTML Authentication Form. When you submit username and password details, the HTML Authentication Form reloads and asks for the username and password again, but no error message is returned.
Site Server 3.0 Authentication Forms use an ISAPI Filter called an Auth Filter. This filter returns a cookie that is used to establish session authentication. If the domain name of the server hosting the site is international (for example www.microsoft.com.au), then the default installation of Site Server 3.0 sends the FormsAuth cookie with a domain of com.au. Internet Explorer versions 5.0 and later reject this cookie, as it does not clearly indicate the origin of the cookie and therefore is a potential security risk. Site Server 3.0 Authentication Forms return only com.au for the FormsAuth cookie domain because the default installation of Site Server 3.0 sets the global configuration variable CookieScope to a value of 2.
To resolve this problem, apply the latest Site Server 3.0 service pack.
Microsoft has confirmed this to be a problem in Site Server version 3.0. This problem has been corrected in the
latest U.S. service pack for Site Server version 3.0. For information on obtaining the service pack, query on the
following word in the Microsoft Knowledge Base (without the spaces):
S E R V P A C K
Additional query words: cookie SS3 SP1
Keywords :
Version : WINDOWS:5; winnt:3.0
Platform : WINDOWS winnt
Issue type : kbprb Last Reviewed: May 13, 1999