Change in behavior of SharePoint Server 2010 Output Cache after April 2012 CU

Consider the following scenario:

You have a SharePoint 2010 web application with anonymous and Windows integrated authentication enabled
In this Web application you have a site collection using the Publishing site template
You have enabled output caching on this site collection with one authenticated profile

You have installed  .NET Framework security update MS11-100 or later .NET security update on your SharePoint server.
You have installed April 2012 Cumulative Update for SharePoint 2010 Server Package (KB 2598321 or 2598151)
These steps restored functional output cache for authenticated users however the behavior changes.

Authenticated users after first login get a newly generated page then loading the same page the second time they get a newly generated page and they only get a cached page on the third attempt if the page has not been placed in the output cache before.
When the WSS_KeepSessionAuthenticated is sent from SharePoint to ensure that every request from this user will stay authenticated and will not revert back to anonymous, the page cannot be stored in the output cache due to a change in the .NET security update.

At the very first request if the client is authenticated and does not send the WSS_KeepSessionAuthenticated cookie, SharePoint send it back which disables storing the page in output cache.

During the second request the client sends the WSS_KeepSessionAuthenticated so SharePoint Server will not send this cookie again if 2012 April CU is installed. At this time the page is stored in the output cache since no cookie was sent by SharePoint.

At third request the page is found in the cache and returned from the cache.

Note: There is no change in behavior if the users are anonymous only, those requests are cached after first rendering since no cookies are sent. There is no change in behavior if the web application does not allow anonymous users and only configured for authenticated users when the WSS_KeepSessionAuthenticated cookie is not used on SharePoint Server 2010.
This is the result of the change in .Net security update MS11-100 and expected behavior change for the scenario described above.
Output Cache; KB2656362
Note This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Article ID: 2714963 - Last Review: 05/29/2012 05:46:00 - Revision: 4.0

Microsoft SharePoint Server 2010, Microsoft SharePoint 2010 For Internet Sites Enterprise, Microsoft SharePoint 2010 For Internet Sites Standard

  • KB2714963