[ic] Norton BHO causing session loss
Paul Jordan
paul at gishnetwork.com
Thu Mar 3 19:52:50 UTC 2011
IC 5.6.3:
FullURL 1
NoAbsolute Yes
MaxServers 5
PIDcheck 300
Aapche:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
NotRobotUA includes MSIE
I am seeing people getting a new session ID when travelling to an SSL
encrypted page. I believe this is a new phenomenon because this site has
been working fine for 5+ years. I just so happened to have access to a PC
displaying the symptom and have narrowed it down to (at least on this
computer) Norton Intrusion Protection, which is a browser Add-on. If I
disable it, all works fine.
I placed a [data session spider] on the page and do not see IC recognizing
it as a spider.
So far I only have knowledge of this issue affecting IE7 and IE8, and I only
know that the above work around works on IE8, if they have the Norton BHO.
Interestingly, I am using IE9 and happen to have the Norton BHO as well, and
I personally *do not* lose my session when travelling to a SSL encrypted
page.
I am still gathering observations, but thought I'd cast this out there early
to see what I catch.
Thanks in advance for any ideas.
Paul
More information about the interchange-users
mailing list