Tuesday, August 02, 2005

Problems with formsauthentication and sessions - check your cookies

I had an interesting problem last week when installing an ASP.Net webapplication - this webapplications uses formsauthentication but when a user tried to login, it didn't work, he just got immediately redirected to the login page. But wait, ... it gets even weirder, the formsauthentication did work when surfing locally (with http://localhost) and also when surfing to the website with IP address. After a while I found the problem - the server had an underscore in its name and in combination with security patch MS01-55 for Internet Explorer this result in the fact that the cookies were not recognized as valid. After removing the underscore in the server name everything worked just fine.

For more info, read http://support.microsoft.com/default.aspx?scid=kb;EN-US;316112
[Listening to: Voices - Disturbed - The Sickness [UK] (03:13)]

No comments: