Re: Possible IE 6 Bug - Differences Between Windows Explorer And IE

From: Jim Cheshire [MSFT] (
Date: 04/19/04

  • Next message: Larry: "trying to post to aspx anonyomously is blocked?"
    Date: Mon, 19 Apr 2004 15:12:33 GMT

    Hi Kev,

    I'm not sure why you would see different behavior between IE 5 and 6. You
    might want to post this question in the IE Client newsgroup for input

    Jim Cheshire, MCSE, MCSD [MSFT]
    Developer Support

    This post is provided "AS-IS" with no warranties and confers no rights.

    >From: (Kevin Watkins)
    >Subject: Re: Possible IE 6 Bug - Differences Between Windows Explorer And
    >Date: 19 Apr 2004 02:00:14 -0700
    >Lines: 41
    >Message-ID: <>
    >References: <>
    >Content-Type: text/plain; charset=ISO-8859-1
    >Content-Transfer-Encoding: 8bit
    >X-Trace: 1082365215 17082 (19 Apr 2004
    09:00:15 GMT)
    >NNTP-Posting-Date: Mon, 19 Apr 2004 09:00:15 +0000 (UTC)
    >Xref: cpmsftngxa10.phx.gbl
    >> Hi Kevin,
    >> This is not a bug in any version of the browser. This is by-design.
    >> process cannot access the memory for another process. As you have seen,
    >> when you browse a URL via a Windows Explorer window, it will browse that
    >> URL via the explorer.exe process. If you then open a new window, it
    >> launch a new iexplore.exe process, and that iexplore.exe process cannot
    >> access the memory space for the explorer.exe process.
    >> There is a way that you can force the process to not cache credentials
    >> this scenario. Open an Explorer window and click on Tools, Folder
    >> Click the View tab and select the option to "Launch folder windows in a
    >> separate process." After you check that, restart the computer. Now
    >> credentials will no longer be cached after the Windows Explorer window
    >> closed and a new one opened.
    >Thanks for your reply. I have just tested this again under IE5.5 and I
    >get different behaviour. The 'Launch folder windows in a separate
    >process' isn't ticked, yet the credentials do not get cached when I
    >shut the Windows Explorer window with my site in.
    >I can understand this being by design, but may I ask what the
    >rationale is? The design appears to have changed from 5.5 to 6
    >according to my simple tests, and surely not launching an iexplore.exe
    >process from Windows Explorer makes everything less secure? (In that
    >another user could gain access to the PC and gain login credentials,
    >whereas they couldn't if an iexplore.exe was launched) Especially
    >seeing as this box is not ticked by default.
    >I'm still thinking there must be a solution to this though. I cannot
    >get all my users to tick that box, because most of them won't and
    >people may login using public computers anyway. Many other sites I use
    >on the internet don't suffer from this problem, so I'm assuming there
    >must be something I can do to my site to plug this security hole? Is
    >there anything you can think of that might help?

  • Next message: Larry: "trying to post to aspx anonyomously is blocked?"