Skip to main content

Bit by a 7 year old Internet Explorer bug, er, feature

I arrived on the client's floor and didn't even have a chance to walk into the office.
"Stop everything - we need to solve this problem"

Sounds serious.

After deploying an existing ASP.Net application to a new server, a basic run-through test is typically done, making sure that everything is working. This time, however, nothing would work. The site would load, but as soon as the user did anything, it would return them to the launch page. We tried a different site and it worked fine. So it must be the configuration of IIS --- that was the general consensus.

What was happening was that the session variables used in the application were simply not being registered. So if you issued a Session("Variable") = "Andrew", it didn't error out but it also didn't set the variable.

But it wasn't. The kicker came when we installed Chrome and tried the site - it worked fine!
Now, I'm a big fan of browsers but I don't think the solution to a problem is always "switch to ...." (unless it's IE 6).

StackOverflow to the rescue - I found this link - which seemed to describe the problem - "ie8-does-not-keep-session-variables".

Then in the comments was this innocent little note:
Blocking cookies when the host contains underscores is a known issue in IE. support.microsoft.com/kb/316112– EricLaw -MSFT- May 27 '11 at 20:03



As it turns out, it's not just a "known issue", according to the KB article:
"A potential security vulnerability exists in Internet Explorer versions 5.5 and 6.0 in which a malicious user could create a URL that allows a Web site to gain unauthorized access to cookies that are stored on a client computer and then (potentially) modify the values that are contained in these cookies."

IE 5.5 and 6 --- the actual KB article is from 2005.  So it must have been fixed, right? It seems kind of strange that every other browser doesn't have this issue, except ----


STATUS

This behavior is by design.


The problem? The testing server was named with an underscore in it.

The workaround:
To work around this problem, use one of the following methods:
  • Rename the domain name and the server name, and use only alphanumeric characters.
  • Browse to the server by using the Internet Protocol (IP) address rather than the domain/server name.

Renaming the server name is something that every sys admin loves to do.

Thankfully, the testing could proceed with the IP address.

This is the first time I've ever come across this problem - but then again, I don't typically name servers with an underscore in it. But having been bit once, you can bet I'll be on the lookout.

What old bugs have you been bitten by?


Comments

Popular posts from this blog

Well, that explains CodePlex...

In a move that will be sure to anger open source (or rather anti-paid software, anti-Microsoft open source)  zealots, Microsoft is planning to buy GitHub.

A year ago, I mused about why Microsoft would shut down CodePlex and how the world needs competing source code repositories to be strong. I'm not the only one per this Slashdot article :
"...people have warned about GitHub becoming as large as it did as problematic because it concentrates too much of the power to make or break the open source world in a single entity, moreso because there were valid questions about GitHubs financial viability...." - Jacques Mattheij

I will be interested in seeing this play out - whether developers jump ship or not. Have all the efforts Microsoft has made in pushing towards open source be seen as genuine or will all the zealots jump ship or maybe even attack?

Microsoft's comment about why they shut down CodePlex referred to how spammers were using CodePlex. Well, GitHub has its own …

FoxInCloud Stats

FoxInCloud sent this link a while back about their statistics regarding visits to their site:

http://foxincloud.com/blog/2017/12/27/VFP-community-lessons-from-foxincloud-site.html



What's interesting here is the breakdown of people. Yes, I think it's understandable that the Fox community is getting older.

Another factor is the growth of the mobile and web environments taking over development. These environments really do push people towards the newer non-SQL or free SQL/hosted environments but more towards hosted storage options like Amazon and Google. A tool like FoxInCloud that helps MOVE existing applications to the cloud inherently competes with those environments.

But FoxInCloud also allows developers to extend their application further by giving them a starting point using Javascript and the basic CSS (such as Bootstrap). If you're not rebuilding your application from scratch, it's certainly a great step forward.

Attending Southwest Fox 2019 could change your life - Find out how

Southwest Fox is coming up in October and as I do every year, I spoke with the organizers Rick, Doug and Tamar on the FoxShow.

Deadlines for Southwest Fox:
Super-saver price (before July 1): $695
Early-bird price (before August 1): $770
Regular price (August 1 and later): $820
This year, I took a different approach with separate shows for each organizer but the main message is still the same : July 1st is their Go/No-Go date.

Conferences don't talk about this very often. I don't think developers really question if Apple will hold their WWDC in June or Microsoft will hold their Build conference - but that's because those conferences are vendor-led.

Southwest Fox is a community-driven conference - it's not driven by a company with an agenda. Listen to the interviews and you can hear how important each of the organizers feel the live connection between speakers and among attendees.