FIX: The NLSessionStrunknamePersistForOffice cookie domain that is generated by Forefront Unified Access Gateway 2010 is set to "host.domain.com" instead of to "domain.com"
- You publish Microsoft Office SharePoint Server 2007 or Microsoft SharePoint Server 2010 by using Microsoft Forefront Unified Access Gateway (UAG) 2010.
- You log on to the trunk from a client computer and then access the SharePoint application.
- You access an Office document from a SharePoint document library.
In this scenario, the NLSessionStrunknamePersistForOffice cookie domain that is generated by Forefront UAG is set to "host.domain.com" instead of to "domain.com."
Note In certain logoff customization scenarios, this behavior may cause trunk logoff not to complete successfully.
Some Forefront UAG trunk logoff customizations rely on an external server that uses the same domain suffix as the trunk's public host name to invalidate all the relevant cookies in order to complete the logoff process. Those customizations may be affected by this problem. Although other Forefront UAG cookies may be invalidated by that external server, the NLSessionStrunknamePersistForOffice cookie is never sent to the external server because it is a host cookie instead of a domain cookie. Therefore, the external server cannot invalidate this cookie. Then, when another request is made to the published SharePoint application, the NLSessionStrunknamePersistForOffice cookie is presented to the Forefront UAG server. The server considers this to be a valid ongoing session request and continues to give access.
Article ID: 2697696 - Last Review: 12/07/2012 08:49:00 - Revision: 4.0
- kbqfe kbfix kbexpertiseinter kbbug kbsurveynew KB2697696