WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Encrypted URL

From: "Brecrost Jones" <brecrost () hotmail com>
Date: Mon, 02 Feb 2004 09:25:45 -0700
Hey Erik,

We have this problem with our apps.  It appears that MSIE, depending on how
its installed, will sometimes share session cookies between browsers,
causing what you describe below.  Other times it will not share those
session cookies, effectively allowing multiple browser windows to access a
single app and differentiate between them.
Unfortunately, this appears to be an option at installation and I don't know 
if it can be changed on the fly through registry settings or preferences.
If it can be changed it would save me a lot of headaches with end users and
QA. ;-)
I believe the behaviour you are describing is determined by whether you have multiple IE windows, or multiple instances of IE running. If you start IE, and hit ctrl-n or go File-->New-->Window, you get a new browser window, and session cookies are shared between the new windows. However, if you start IE, e.g. by double-clicking a shortcut, and then double-click the shortcut again, you have two instances of IE running and session cookies are not shared between them. 

I'm not sure, but maybe this will help with your headaches?

_________________________________________________________________
STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=dept/bcomm&pgmarket=en-ca&RU=http%3a%2f%2fjoin.msn.com%2f%3fpage%3dmisc%2fspecialoffers%26pgmarket%3den-ca
Previous By Date Next
Previous By Thread Next

Current thread: