- Session variables are lost.
- Session state is not maintained between requests.
- Cookies are not set on the client system.
Because ASP session state and session variables rely on cookies to function, ASP cannot maintain session state between requests if cookies cannot be set on the client.
This issue can also be caused by an incorrect name syntax in a host header.
- Rename the domain name and the server name, and use only alphanumeric characters.
- Browse to the server by using the Internet Protocol (IP) address rather than the domain/server name.
Security patch MS01-055 corrects this security vulnerability by preventing servers with improper name syntax from setting cookies names. This patch requires that server names follow the naming conventions that are specified in Appendix 1 of Request for Comments (RFC) 833 "DOMAIN NAMES - IMPLEMENTATION and SPECIFICATION." For more information, refer to the "References" section.