Microsoft Knowledge Base Article

The contents of this article are Microsoft copyrighted material.
©2005-2007 Microsoft Corporation. All rights reserved.

SharePoint 2007 and Internet Explorer 8: "Sign in as a different user" does not clear the ASP.NET Session object

Article ID: 2435214

SYMPTOMS

In SharePoint 2007 with Internet Explorer 8, the page shown after "Sign in as a different user" displays old Session data. After 30 seconds the Session object is completely refreshed and all data is correct.

CAUSE

SharePoint 2007 does not clear the Session and Cookie objects when "Sign in as a different user" is used. SharePoint 2007 Session objects are not designed as a security boundary.

RESOLUTION

There are 3 different workarounds available:

NOTE: Due to the relatively complex nature of the workarounds, potential implications should be very carefully evaluated before proceeding.

Workaround 1: Customize the init.js file, or override the LoginAsAnother() method, with one additional line of code: document.execCommand("ClearAuthenticationCache");
http://kbalertz.com/Feedback.aspx?kbNumber=970814/en-us

Workaround 2: Change the IIS authentication behavior to force authentication for each incoming HTTP request.

Run the following:
cscript adsutil.vbs SET w3svc/<webappidentifier>/AuthPersistSingleRequest TRUE
Example: cscript adsutil.vbs SET w3svc/1048141505/AuthPersistSingleRequest TRUE

Workaround 3: Create a custom HTTP module and deploy it across the farm (all web applications).

Task of the custom HTTP module: handle EndRequest in the module so that it runs after "Sign in as a different user" has been called. Logic to implement: after "/_layouts/AccessDenied.aspx?loginasanotheruser=true" has been called, run httpcontext.Session.Clear();

Implementation: once the response for "/_layouts/AccessDenied.aspx?loginasanotheruser=true" has been sent, call httpcontext.Session.Clear();
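
The module that Workaround 3 describes, as an added example (not Microsoft's code and not part of the original article). The class name SignInAsDifferentUserSessionCleaner is hypothetical, and the example assumes ASP.NET session state is enabled for the web application.

```csharp
using System;
using System.Web;

// Added example: clears the ASP.NET Session after the
// "Sign in as a different user" request has been processed.
// The class name is hypothetical.
public class SignInAsDifferentUserSessionCleaner : IHttpModule
{
    private const string AccessDeniedPage = "/_layouts/AccessDenied.aspx";
    private const string LoginAsAnotherKey = "loginasanotheruser";

    public void Init(HttpApplication application)
    {
        // EndRequest fires for every request, including ones that end early.
        application.EndRequest += OnEndRequest;
    }

    private static void OnEndRequest(object sender, EventArgs e)
    {
        HttpContext context = ((HttpApplication)sender).Context;
        if (!IsLoginAsAnotherUser(context.Request))
        {
            return;
        }

        // Session is null when session state is disabled for the web
        // application or has already been released for this request.
        if (context.Session != null)
        {
            context.Session.Clear();
        }
    }

    private static bool IsLoginAsAnotherUser(HttpRequest request)
    {
        // Sub-sites request <site>/_layouts/AccessDenied.aspx, so match the
        // end of the file path instead of the whole path.
        return request.FilePath.EndsWith(AccessDeniedPage, StringComparison.OrdinalIgnoreCase)
            && string.Equals(request.QueryString[LoginAsAnotherKey], "true",
                             StringComparison.OrdinalIgnoreCase);
    }

    public void Dispose()
    {
    }
}
```

The module only takes effect once it is registered in the httpModules section of each web application's web.config. If the null check is hit on the sign-in request, the Session was not available at EndRequest and nothing was cleared.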

More details on implementing a custom HTTP module:
http://kbalertz.com/Feedback.aspx?kbNumber=307996/en-us
http://msdn.microsoft.com/en-us/library/ms227673.aspx

Note: This is a "FAST PUBLISH" article created directly from within the Microsoft support organization. The information contained herein is provided as-is in response to emerging issues. As a result of the speed in making it available, the materials may include typographical errors and may be revised at any time without notice. See Terms of Use for other considerations.

Properties

Article ID: 2435214 - Last Review: October 25, 2010 - Revision: 5.0
APPLIES TO
  • Microsoft Office SharePoint Server 2007
  • Microsoft Windows SharePoint Services 3.0
  • Windows Internet Explorer 8
Keywords: KB2435214
       
