You are currently offline, waiting for your internet to reconnect

SharePoint 2007 and Internet Explorer 8 has problems with "Sign in as a different user" does not clear ASP.Net Session object

In SharePoint 2007 using Internet Explorer 8 and "Sign in as a different user" displays with old Session data. After 30 seconds the session object is completly refreshed and all data is correct.
SharePoint 2007 does not clear the Session and Cookie object with "Sign in as a different user". SharePoint 2007 Session objects are not designed as a security boundary.
There are 3 different workaround available:

NOTE: Due to the relatively complex nature of the workarounds, potential implications should be very carefully evaluated before proceeding.

Workaround 1: customize init.js file or overload the method of LoginAsAnother() with an addition line of code: document.execCommand("ClearAuthenticationCache");

Workaround 2: change IIS authentication behavior to force the authentication for each incoming http request

Run the following:
cscript adsutil.vbs SET w3svc/<webappidentifier>/AuthPersistSingleRequest TRUE
example:    cscript adsutil.vbs SET w3svc/1048141505/AuthPersistSingleRequest TRUE

Workaround 3: create a custom httpmodule and deploy it over the farm (all webapplications)

Task of the custom http module: after calling sign-in as different user a custom http module implement EndRequest method of http module interface: Logic to implement: after calling "/_layouts/AccessDenied.aspx?loginasanotheruser=true" run httpcontext.Session.Clear();

Implementation: if after sending Response of "/_layouts/AccessDenied.aspx?loginasanotheruser=true" calling httpcontext.Session.Clear();

More details to implementing a custom httpmodule: 
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2435214 - Last Review: 10/25/2010 13:20:00 - Revision: 5.0

Microsoft Office SharePoint Server 2007, Microsoft Windows SharePoint Services 3.0, Windows Internet Explorer 8

  • KB2435214