WebApp Sec mailing list archives

RE: Encrypted URL


From: Dean Saxe <Dean.Saxe () digitalinsight com>
Date: Mon, 2 Feb 2004 11:41:37 -0500

From what we have seen, it is not dependent on how you open windows (ctrl-N
vs shortcuts); it appears to be installation specific.

-dhs

-----Original Message-----
From: Brecrost Jones [mailto:brecrost () hotmail com]
Sent: Monday, February 02, 2004 11:26 AM
To: webappsec () securityfocus com
Cc: Dean Saxe
Subject: Re: Encrypted URL


Hey Erik,

We have this problem with our apps.  It appears that MSIE, depending on how
it's installed, will sometimes share session cookies between browsers,
causing what you describe below.  Other times it will not share those
session cookies, effectively allowing multiple browser windows to access a
single app and differentiate between them.

Unfortunately, this appears to be an option at installation and I don't know
if it can be changed on the fly through registry settings or preferences.
If it can be changed it would save me a lot of headaches with end users and
QA. ;-)


I believe the behaviour you are describing is determined by whether you have
multiple IE windows, or multiple instances of IE running.  If you start IE,
and hit ctrl-n or go File-->New-->Window, you get a new browser window, and 
session cookies are shared between the new windows.  However, if you start 
IE, e.g. by double-clicking a shortcut, and then double-click the shortcut 
again, you have two instances of IE running and session cookies are not 
shared between them.

I'm not sure, but maybe this will help with your headaches?
