Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

IE critical update for cookie exploit causes new problem?

Status
Not open for further replies.

Guest_imported

New member
Jan 1, 1970
0
We installed the critical update for the recent cookie exploit ( on 3 different platforms (IE5.5 SP2 on Win98, IE6 on Win98, IE5.5SP 2 on Win2k) , and seem to have suffered an interesting side-effect.

Once installed, the browser seems to have problems with session cookies / session variables. It sets the cookie ok, but when redirecting (on a relative path) to another script, it loses it cookie values.

We've duplicated this on 3 machines, and on 2 servers, and have also seen it affect the login for email. There are probably many other sites affected.

we're unsure of whether this is a bug or a feature of the update. Could somebody else try and replicate this problem? You could test it by setting up an email account at talk21.com, then install the update, then try and log back into your email account.

There is one other interesting aspect to this problem. It works fine when you hit the site using their IP, rather than their DNS name. Oh, and it works fine in Netscape as well (surprisingly)
 
Hi There, I am having the same type of problem. No clue as to how to fix it.

I have applied the I.E. security update dated 11/20/01 and 11/13/01 to both I.E. 5.5 sp2 and to I.E. 6.0.

Now when I try to access an ASP application, a cookie which stores session variables is not being created, so the application does not work. The update also affected Crystal Reports which uses cookies, it runs on a different server.

If I use the server IP address in place of the server name in the Location, the cookie is created successfully.

I noticed when I use the ip address, I.E. treats it as an Internet Site. If I use the server name it treats it as an Intranet site. I checked the security settings and also forced it to treat the server name as an internet site, but it still does not create the cookie.

Any help is greatly appreciated.
 
have you had any luck with this? I'm still stumped and it appears it's not as common a problem as I thought it would be.

Whenever I have posted this, I've had "experts" claim it is my code that's causing it, or a browser setting, but they've not been able to pinpoint anything specific. You are now the 5 person I've seen who is suffering similar problems, but still nobody has come up with a suitable answer.
 
I am working with Microsoft on this. But they have yet given any real help. Their normal, try this, ok try this, ok try this, and so on for the last two weeks.

Do you know of any Internet sites that have this problem? I am unable to reproduce the error you had with
I am also having problems with servers on the intranet that run Crystal Reports 7.5 web reports. If I try to generate a report on a patched workstation, I get blank reports.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top