Skip to main content

Bit by a 7 year old Internet Explorer bug, er, feature

I arrived on the client's floor and didn't even have a chance to walk into the office.
"Stop everything - we need to solve this problem"

Sounds serious.

After deploying an existing ASP.Net application to a new server, a basic run-through test is typically done, making sure that everything is working. This time, however, nothing would work. The site would load, but as soon as the user did anything, it would return them to the launch page. We tried a different site and it worked fine. So it must be the configuration of IIS --- that was the general consensus.

What was happening was that the session variables used in the application were simply not being registered. So if you issued a Session("Variable") = "Andrew", it didn't error out but it also didn't set the variable.

But it wasn't. The kicker came when we installed Chrome and tried the site - it worked fine!
Now, I'm a big fan of browsers but I don't think the solution to a problem is always "switch to ...." (unless it's IE 6).

StackOverflow to the rescue - I found this link - which seemed to describe the problem - "ie8-does-not-keep-session-variables".

Then in the comments was this innocent little note:
Blocking cookies when the host contains underscores is a known issue in IE.– EricLaw -MSFT- May 27 '11 at 20:03

As it turns out, it's not just a "known issue", according to the KB article:
"A potential security vulnerability exists in Internet Explorer versions 5.5 and 6.0 in which a malicious user could create a URL that allows a Web site to gain unauthorized access to cookies that are stored on a client computer and then (potentially) modify the values that are contained in these cookies."

IE 5.5 and 6 --- the actual KB article is from 2005.  So it must have been fixed, right? It seems kind of strange that every other browser doesn't have this issue, except ----


This behavior is by design.

The problem? The testing server was named with an underscore in it.

The workaround:
To work around this problem, use one of the following methods:
  • Rename the domain name and the server name, and use only alphanumeric characters.
  • Browse to the server by using the Internet Protocol (IP) address rather than the domain/server name.

Renaming the server name is something that every sys admin loves to do.

Thankfully, the testing could proceed with the IP address.

This is the first time I've ever come across this problem - but then again, I don't typically name servers with an underscore in it. But having been bit once, you can bet I'll be on the lookout.

What old bugs have you been bitten by?


Popular posts from this blog

Well, that explains CodePlex...

In a move that will be sure to anger open source (or rather anti-paid software, anti-Microsoft open source)  zealots, Microsoft is planning to buy GitHub.

A year ago, I mused about why Microsoft would shut down CodePlex and how the world needs competing source code repositories to be strong. I'm not the only one per this Slashdot article :
"...people have warned about GitHub becoming as large as it did as problematic because it concentrates too much of the power to make or break the open source world in a single entity, moreso because there were valid questions about GitHubs financial viability...." - Jacques Mattheij

I will be interested in seeing this play out - whether developers jump ship or not. Have all the efforts Microsoft has made in pushing towards open source be seen as genuine or will all the zealots jump ship or maybe even attack?

Microsoft's comment about why they shut down CodePlex referred to how spammers were using CodePlex. Well, GitHub has its own …

FoxInCloud Stats

FoxInCloud sent this link a while back about their statistics regarding visits to their site:

What's interesting here is the breakdown of people. Yes, I think it's understandable that the Fox community is getting older.

Another factor is the growth of the mobile and web environments taking over development. These environments really do push people towards the newer non-SQL or free SQL/hosted environments but more towards hosted storage options like Amazon and Google. A tool like FoxInCloud that helps MOVE existing applications to the cloud inherently competes with those environments.

But FoxInCloud also allows developers to extend their application further by giving them a starting point using Javascript and the basic CSS (such as Bootstrap). If you're not rebuilding your application from scratch, it's certainly a great step forward.

The World of Updates Today

I just received an update for Office 365. It certainly includes some cool features - including starting in one environment and picking it up in another environment. In recent years, I've certainly enjoined the use of Continuity on a Mac and in fact, I feel spoiled being able to start a message in one environment (even Google) and then finish it off on another.  This has become some pervasive when we were reviewing our most recent backlog at a client site, a similar feature was added to the current workload.

But with web applications, the trend is to reduce the amount of software on a client machine. I used to have automatic backup for all of my machines (thanks Carbonite!) but these days, many of my machines don't need anything beyond the core OS and some basic applications. Certainly that's the feeling with Chromebooks and even the lightweight aspect of many iOS apps. The functionality is mostly in the cloud.

When you upgrade your system, you expect it to a big update. So…