PRB: Site Server 3.0 with HTML Authentication Form Fails After IE 5.0 Upgrade (225250)
The information in this article applies to:
- Microsoft Internet Explorer 5.0 for Windows NT 4.0
- Microsoft Internet Explorer 5.0 for Windows 98
- Microsoft Internet Explorer 5.0 for Windows 95
- Microsoft Site Server 3.0
This article was previously published under Q225250 SYMPTOMS
After you upgrade to Internet Explorer version 5.0, you cannot log on to a site using an HTML Authentication Form. When you submit username and password details, the HTML Authentication Form reloads and asks for the username and password again, but no error message is returned.
CAUSE
Site Server 3.0 Authentication Forms use an ISAPI Filter called an Auth Filter. This filter returns a cookie that is used to establish session authentication. If the domain name of the server hosting the site is international (for example www.microsoft.com.au), then the default installation of Site Server 3.0 sends the FormsAuth cookie with a domain of com.au. Internet Explorer versions 5.0 and later reject this cookie, as it does not clearly indicate the origin of the cookie and therefore is a potential security risk. Site Server 3.0 Authentication Forms return only com.au for the FormsAuth cookie domain because the default installation of Site Server 3.0 sets the global configuration variable CookieScope to a value of 2.
RESOLUTION
To resolve this problem, apply the latest Site Server 3.0 service pack.
STATUS
Microsoft has confirmed this to be a problem in Site Server version 3.0. This problem has been corrected in the
latest U.S. service pack for Site Server version 3.0. For information on obtaining the service pack, query on the
following word in the Microsoft Knowledge Base (without the spaces):
| Modification Type: | Major | Last Reviewed: | 10/1/2002 |
|---|
| Keywords: | kbprb KB225250 |
|---|
|