Select the product you need help with
- Internet Explorer
- Windows Phone
- More products
PRB: Session Variables Do Not Persist Between Requests After You Install Internet Explorer Security Patch MS01-055
Article ID: 316112 - View products that this article applies to.
This article was previously published under Q316112
After you install security patch MS01-055 for Microsoft Internet Explorer 5.5 or 6.0, you may encounter the following problems:
Because ASP session state and session variables rely on cookies to function, ASP cannot maintain session state between requests if cookies cannot be set on the client.
This issue can also be caused by an incorrect name syntax in a host header.
To work around this problem, use one of the following methods:
Security patch MS01-055 corrects this security vulnerability by preventing servers with improper name syntax from setting cookies names. This patch requires that server names follow the naming conventions that are specified in Appendix 1 of Request for Comments (RFC) 833 "DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION." For more information, refer to the "References" section.
For additional information about security patch MS01-055, click the following article number to view the article in the Microsoft Knowledge Base:
312461For additional information about IIS configuration changes that may be necessary after you rename the server, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/312461/ )MS01-055: Internet Explorer cookie data can be exposed or altered through script injection
234142For more information about the RFC 883 specifications, refer to the following Internet Engineering Task Force Web site:
(http://support.microsoft.com/kb/234142/ )Updating IIS after you change the computer name
Article ID: 316112 - Last Review: July 28, 2005 - Revision: 5.2