Coffeehouse Thread

4 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Has ANYBODY seen this behaviour with IE6?

Back to Forum: Coffeehouse
  • User profile image
    Ray6

    This is weird.  Sad

    We have an application that seems to show up some odd behaviour with IE6. Here's what we're seeing.

    Log on to the application through the browser.

    Close down the application, then start the application again, from the icon.

    The application is still logged in as the original user!

    Now I remember reading that IE will reuse the session if you open a new window from the same instance that is currently running.

    But surely it doesn't do this if you close down the app, then reopen it?

    Incidentally, Firefox does not seem to exhibit the same behaviour.

    Now here's where it gets weird. This only seems to be affecting me. Other machines on the network don't have this same problem, unless I log in; then the problem starts up. If they log back in, then it goes away. So it looks like it may be some glitch in my profile that's following me around the office!

    Has anyone seen this problem before?

  • User profile image
    blowdart

    Sounds like cookies aren't being cleared for you. It certainly sounds like an application problem, rather than an IE one.

    So clear your cache and your cookies, and see if that clears your session. If it does, then maybe the app isn't clearing them for you.

  • User profile image
    Ray6

    blowdart wrote:
    Sounds like cookies aren't being cleared for you. It certainly sounds like an application problem, rather than an IE one.

    So clear your cache and your cookies, and see if that clears your session. If it does, then maybe the app isn't clearing them for you.


    Now that's odd.

    Cleared the cookies and files. Shut down IE then restarted.

    .. and the bloody thing is still logged in!

    I'm going to check with the network folk; I think that somewhere along the line, the sessionid is being held and then returned when the same machine asks for it.

  • User profile image
    stevo_

    IE6 has two levels of cookies, in memory cookies that are stored in the memory of the application, these are usually session cookies. Persistent cookies are stored in files to ensure they survive on the client.

    This is why opening a new window from IE will keep you logged in. However- removing all persistent cookies and closing IE should kill any association the server has to you, the only way it has any guessable context over who you are is your IP and user agent signature.
     
    Any application that belives an IP and user agent signature is an accurate representation of a context is asking for some servere security breaches.

    The only fragments of how you are being identified is:

    a) the link on the desktop sends query string information
    b) ie has gone screwy and isn't clearing cookies?
    c) there's some freaky client side code set to reinstantiate your cookie constantly meaning that by the time you exit the dialog to clearing your cookies, the 'freaky client side code' is just recreating it.

    Edit: you should also ensure this application isn't doing something extremely stupid like allowing its output to be cached by proxies.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.