We have experienced session problems with both Bluestone's product and
Orion. This only happened to us when using IE 5.5. We did some extensive
tests and determine that certain IE versions have a problem with session.
This happened on secured and non-secured sites as well. Our workaround - at
the moment, we cannot correctly support certain versions of IE 5.5.
Just my thoughts....
Tom Pridham
-----Original Message-----
From: Tim Endres [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 26, 2001 5:33 PM
To: Orion-Interest
Subject: RE: Orion + IE + HTTPS = Trouble
If your code demonstrates that Orion loses the session (or creates a new
one),
each time that the SSL session is re-established, then that would indicate
to
me that it is an Orion bug. I assumed that your problem was tied to the
Basic
Auth, but you are apparently using a FORM instead, and your processing it
just
like ours in that case.
Bugzilla.... :(
tim.
> This is my first HTTPS application, so maybe I'm doing something wrong.
Our
> logon uses a JSP page, and places a UserInfo object in the HttpSession
> (along with other objects we use for workflow tracking). All subsequent
> access checks for this object before processing, forwarding to the logon
> page if it is not found. Our problem was that every two minutes the
session
> changes (a println() in the servlet now displays a different session id),
> the UserInfo object is not found, so the logon page is displayed again.
> Adding this registry entry solved the problem on all client machines. How
> should I change this to get around the problem?
>
> My only reason for suggesting that it may be an Orion problem is just that
> I've never had problems using IE on other company's secure sites, so
> something is being handled differently. If the problem lies with me,
thats
> OK, I just need someone to point me in the right direction so I can fix
it.
>
> Thanks,
> Bruce
>
> -----Original Message-----
> From: Tim Endres [mailto:[EMAIL PROTECTED]]
> Sent: Monday, March 26, 2001 2:24 PM
> To: Orion-Interest
> Subject: Re: Orion + IE + HTTPS = Trouble
>
>
> The artical you reference on Microsoft's site explicitly states that the
> problem
> is in MS's products, which implies it is not an Orion problem. Further,
the
> problem
> is related to BASIC AUTH dialogs. Thus, the reason I believe you are not
> seeing this
> problem in general with other servers is that nobody uses basic auth. Most
> sites put
> their login pages up as HTML FORM's, not as basic authentication.
>
> tim.
>
> > IE 5.0/5.5 running on 95/98/NT keeps losing it's HTTPS session with
Orion,
> > which is big trouble if you store logon info there. By default these
> > versions of IE renegotiate their SSL connections every two minutes, but
> this
> > can be changed by adding a DWORD registry entry.
> >
> >
>
HKLM\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ClientCache
> > Time
> >
> > Adding this entry, and setting it to 0x7FFFFFFF has solved all our
issues
> > with forcing constant logons when running in secure mode, but is a major
> > pain because it has to be done for all clients (except Win2K and WinME
> > clients)
> >
> > Since I have never come across this problem when logging on to other
HTTPS
> > sites on the web, I can't help but wonder if Orion is not handling the
> > situation properly (I've tried it on both 1.38 and 1.45). Does anyone
> else
> > have any experience with this problem, or can comment on whether Orion
> > should be handling this without modifying every client machine?
> >
> > Thanks,
> > Bruce
> >
> > Microsoft reference:
> > http://support.microsoft.com/support/kb/articles/Q265/3/69.ASP
> >
>
>
