My ISAPI filter receives request, sets session ID to cookie,
runs some routine to authenticate client and return to IE SF_STATUS_REQ_FINISHED_KEEP_CONN.
After client presses REFRESH, ISAPI should check authentication result for this session ID.
But what happens is the next:
when i go to the server like http://localhost/MySecuredPage it works fine
but when i go http://www.mySiteName.com/MySecuredPage , get page with cookie and press "REFRESH" i get "connection to server couldn't be estableshed. Connection closed".
What is the problem ? does IIS behave different for this situations ?
Thanks
Здравствуйте Furic, Вы писали:
F>My ISAPI filter receives request, sets session ID to cookie, F>runs some routine to authenticate client and return to IE SF_STATUS_REQ_FINISHED_KEEP_CONN.
This retcode does not guarantee that connection will be keeped.
F>After client presses REFRESH, ISAPI should check authentication result for this session ID. F>But what happens is the next: F>when i go to the server like http://localhost/MySecuredPage it works fine F>but when i go http://www.mySiteName.com/MySecuredPage , get page with cookie and press "REFRESH" i get "connection to server couldn't be estableshed. Connection closed". F>What is the problem ? does IIS behave different for this situations ?
Please, describe the problem in more details. Show the cookie attributes (the best way is to show a response header here). And what browser are you using?
Здравствуйте Furic, Вы писали:
F>Here is my function that sends response to client:
F>hdrs << "Cache-Control: no-store \r\n" F><< "Set-Cookie: param1=" << getParam1()<<"; path=/r\n" F><< "Set-Cookie: param2=" << getParam2()<<"; path=/"<<"\r\n" F><< "Set-Cookie: param3=" << getParam3()"; path=/\r\n" F><< "Set-Cookie: Authentication_Code=AUTHENTICATED; path=/\r\n\r\n"<<ends; pfc->>ServerSupportFunction(SF_REQ_SEND_RESPONSE_HEADER,(PVOID)"200OK", LPDWORD(hdrs.str()),0); F>delete [] hdrs.str(); F>CString form = "<HTML>Authentication in progress...</HTML>"; F>DWORD len = form.GetLength(); pfc->>WriteClient((LPVOID)form.GetBuffer(len), &len); F>form.ReleaseBuffer();
F>My WebBrowser is IE 5.50
He-he. Looks like here is the reason of your problem:
no-store
The purpose of the no-store directive is to prevent the
inadvertent release or retention of sensitive information (for
example, on backup tapes). The no-store directive applies to the
entire message, and MAY be sent either in a response or in a
request. If sent in a request, a cache MUST NOT store any part of
either this request or any response to it. If sent in a response,
a cache MUST NOT store any part of either this response or the
request that elicited it. This directive applies to both non-
shared and shared caches. "MUST NOT store" in this context means
that the cache MUST NOT intentionally store the information in
non-volatile storage, and MUST make a best-effort attempt to
remove the information from volatile storage as promptly as
possible after forwarding it.
Even when this directive is associated with a response, users
might explicitly store such a response outside of the caching
system (e.g., with a "Save As" dialog). History buffers MAY store
such responses as part of their normal operation.
I.e. this directive should disable storing of the cookie. I think you'd better to replace it with "no-cache".
Lexey, thank a lot for your support.
But my problem is not that cookie disappears(with cookies everything OK, even with no-store). Problem , when i press "RERFESH" i get dialog "connection reset" and 404 error.
Thanks again.
