[ic] Norton BHO causing session loss

Paul Jordan paul at gishnetwork.com
Thu Mar 3 19:52:50 UTC 2011

IC 5.6.3:
  FullURL 1
  NoAbsolute Yes
  MaxServers   5
  PIDcheck     300

SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown 
downgrade-1.0 force-response-1.0

NotRobotUA includes MSIE

I am seeing people getting a new session ID when travelling to an SSL 
encrypted page. I believe this is a new phenomenon because this site has 
been working fine for 5+ years. I just so happened to have access to a PC 
displaying the symptom and have narrowed it down to (at least on this 
computer) Norton Intrusion Protection, which is a browser Add-on. If I 
disable it, all works fine.

I placed a [data session spider] on the page and do not see IC recognizing 
it as a spider.

So far I only have knowledge of this issue affecting IE7 and IE8, and I only 
know that the above work around works on IE8, if they have the Norton BHO. 
Interestingly, I am using IE9 and happen to have the Norton BHO as well, and 
I personally *do not* lose my session when travelling to a SSL encrypted 

I am still gathering observations, but thought I'd cast this out there early 
to see what I catch.

Thanks in advance for any ideas.


More information about the interchange-users mailing list