MS fix for IE cookie exploit creates new problem?

Results 1 to 2 of 2

Thread: MS fix for IE cookie exploit creates new problem?

  1. #1
    Join Date
    Dec 1969

    Default MS fix for IE cookie exploit creates new problem?

    We installed the critical update for the recent cookie exploit ( on 3 different platforms (IE5.5 SP2 on Win98, IE6 on Win98, IE5.5SP 2 on Win2k) , and seem to have suffered an interesting side-effect.<BR><BR>Once installed, the browser seems to have problems with ASP session cookies / session variables. It sets the cookie ok, but when redirecting (on a relative path) to another script, it loses it cookie values.<BR><BR>We&#039;ve duplicated this on 3 machines, and on 2 servers, and have also seen it affect the login for email. There are probably many other sites affected.<BR><BR>we&#039;re unsure of whether this is a bug or a feature of the update. Could somebody else try and replicate this problem? You could test it by setting up an email account at, then install the update, then try and log back into your email account, or alternatively, create your own basic ASP login process. <BR><BR>There is one other interesting aspect to this problem. It works fine when you hit the site using their IP, rather than their DNS name, and also works in Netscape (surprisingly)<BR>

  2. #2
    Join Date
    Dec 1969

    Default Did you ever find the solution to this problem?

    We are having the same issues. <BR><BR>thanks<BR>Arnold

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts