SharePoint 2007 and Internet Explorer 8 has problems with "Sign in as a different user" does not clear ASP.Net Session object

Article ID: 2435214 - View products that this article applies to.
Expand all | Collapse all

SYMPTOMS

In SharePoint 2007 using Internet Explorer 8 and "Sign in as a different user" displays with old Session data. After 30 seconds the session object is completly refreshed and all data is correct.

CAUSE

SharePoint 2007 does not clear the Session and Cookie object with "Sign in as a different user". SharePoint 2007 Session objects are not designed as a security boundary.

RESOLUTION

There are 3 different workaround available:

NOTE: Due to the relatively complex nature of the workarounds, potential implications should be very carefully evaluated before proceeding.

Workaround 1: customize init.js file or overload the method of LoginAsAnother() with an addition line of code: document.execCommand("ClearAuthenticationCache"); 
http://support.microsoft.com/kb/970814/en-us

Workaround 2: change IIS authentication behavior to force the authentication for each incoming http request

Run the following:
cscript adsutil.vbs SET w3svc/<webappidentifier>/AuthPersistSingleRequest TRUE
example:    cscript adsutil.vbs SET w3svc/1048141505/AuthPersistSingleRequest TRUE

Workaround 3: create a custom httpmodule and deploy it over the farm (all webapplications)

Task of the custom http module: after calling sign-in as different user a custom http module implement EndRequest method of http module interface: Logic to implement: after calling "/_layouts/AccessDenied.aspx?loginasanotheruser=true" run httpcontext.Session.Clear();

Implementation: if after sending Response of "/_layouts/AccessDenied.aspx?loginasanotheruser=true" calling httpcontext.Session.Clear();

More details to implementing a custom httpmodule:
http://support.microsoft.com/kb/307996/en-us
http://msdn.microsoft.com/en-us/library/ms227673.aspx 
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2435214 - Last Review: October 25, 2010 - Revision: 5.0
APPLIES TO
  • Microsoft Office SharePoint Server 2007
  • Microsoft Windows SharePoint Services 3.0
  • Windows Internet Explorer 8
Keywords: 
KB2435214

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com