solution: MS02-015 (Q319182) breaks intranet cookies

From: Strele Franz (Franz.Strele@SYNERGIS.AT)
Date: 04/10/02


Date:         Wed, 10 Apr 2002 14:22:26 +0200
From: Strele Franz <Franz.Strele@SYNERGIS.AT>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

hi russ,

we got a lot of mails with the solution to our problem with cookies. thanks
a lot to everyone!

it seems that a server name with an underscore (like "my_server") is causing
this kind of trouble...

quoting Q312461 (ms01-55, which is included in q319182):
"This patch requires that domains that use cookies MUST only have
alpha-numeric characters (or '-' or '.') in the domain name. If they do not,
cookies may not work properly."

see Q312461 for details...

we still get a lot of mails asking for a solution. so i thought it would be
best to post this to ntbugtraq, maybe it helps someone...

thanks,
franz



Relevant Pages

  • Re: Attempt to de-mystify AJAX
    ... >> poster said "I don't want to hodl tons of data in a hidden frame, ... I never use cookies so a user ... How do you "break" the session key? ... > as needed back to the server. ...
    (comp.databases.pick)
  • Re: setcookie() Expiration
    ... to another server and the cookie expiration is correct. ... The test methodology I created is a standalone script which creates ... In all cases the cookies are set properly but the expiration on the ...
    (comp.lang.php)
  • Re: Attempt to de-mystify AJAX
    ... "Hyperlinks" always open a new browser window. ... What I meant is that the server, from its state tables, can easily determine ... >>> around cookies and JS, but it seems to be tough. ... >>> 1) use cookies to maintain the session key and hope that the expiration ...
    (comp.databases.pick)
  • Re: How hard is socket programming?
    ... single executable that now has web server capability. ... I don't know if it has cookies. ... IETF HTTP AUTH standard BASIC and DIGEST, ... CString HtmlToText(const char *s) ...
    (microsoft.public.vc.mfc)
  • Re: How hard is socket programming?
    ... single executable that now has web server capability. ... I don't know if it has cookies. ... IETF HTTP AUTH standard BASIC and DIGEST, ... CString HtmlToText(const char *s) ...
    (microsoft.public.vc.mfc)