Article ID: 973737 - Last Review: August 31, 2009 - Revision: 1.1

ISA Server 2006 does not pass the last server cookie to the client computer when HTML form authentication is used in the Web-publishing rule

View products that this article applies to.

System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

Expand all | Collapse all

SYMPTOMS

Consider the following scenario:

In Microsoft Internet Security and Acceleration (ISA) Server 2006, you configure a Web-publishing rule that uses HTML form authentication.
You browse to the published Web server from a client computer.
The Web server replies with a "401 Unauthorized" response that includes several server cookies.

In this scenario, the client does not receive the last cookie from the server response. This behavior may break the application layer protocol between the client computer and the published Web server.

Back to the top

CAUSE

This problem occurs because the Forms-Based Authentication filter incorrectly parses the server response. Therefore, the filter misses the last cookie.

Back to the top

RESOLUTION

To resolve this problem, apply the hotfix rollup package that is described in the following Microsoft Knowledge Base article:

973738 (http://support.microsoft.com/kb/973738/ ) Description of the ISA Server 2006 hotfix package: July 19, 2009

Back to the top

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Back to the top

MORE INFORMATION

This problem affects SharePoint publishing when a user uses the “Sign in as a different user” functionality and then tries to sign in by using the previously logged-on account. In this situation, the user cannot use the original user account to log on again.

Back to the top