First time here? Check out the site's "greatest hits" or read a post from the archives. Feel free to leave a comment or ask a question, and consider subscribing to the latest posts via RSS or e-mail. Thanks for visiting!
« Zero to Three Month Baby Ultimate Tools ... | Main | Running Mac OS X Tiger  »

Obscure Bug: ASP.NET doesn't handle cookies with non-standard server names

Posted in ASP.NET | Bugs.

Jon Box ran into a crazy bug today with ASP.NET, IIS and Cookie handling. These are my favorite bugs. I love sniffing HTTP traffic; not sure why.

I had thought that his cookie was being dropped due to a missing P3P privacy policy. Turns out, it seems, that his server name was like SERVER_NAME and that an underscore is outside of the RFC guidelines, specificaly RFC 1034 and RFC 1035. His IIS support guy at Microsoft pointed to Q222823 that mentions a warning message you'd get when naming your server in this non-standard way:

"The computer name "computer name" contains one or more non-standard characters. Standard characters include letters (A-Z, a-z), digits (0-9), and hyphens. Using a non-standard name will prevent other users from finding your computer on the network, unless your network is using the Microsoft DNS Server. Do you wish to use this non-standard name?"

The conclusion is that ASP.NET doesn't handle cookies properly unless the DNS name of the server in question is within specifications for standard naming. Seems obivous in retrospect, but the fact that the cookie is just dropped doesn't automatically lead one to this conclusion. Kudos to Jon for sticking to the problem. If he posts more details on his blog, I'll add a link.

UPDATE: Looks like it's IE, not ASP.NET, and for security purposes. Thanks Jeff Berkowitz!

Tracked by:
"Scott rocks" (Keyvan Nayyeri) [Trackback]
"Avoid Servers Names with Hyphens or Underscores" (.NET Musings) [Trackback]
"What Do You Need To Know?" (Wayne Allen's Weblog) [Trackback]


Thursday, January 12, 2006 10:58:41 PM (Pacific Standard Time, UTC-08:00)
I had exactly the same issue a few year ago. I was pulling my hair why my cookie wasn't working and it happened to be this issue. Changing the name of the machine certainly solved the problem. It took me pretty much the whole day to find the solution...
vbNullString
Friday, January 13, 2006 2:11:37 AM (Pacific Standard Time, UTC-08:00)
Howdy,

I encountered the same problem in the days before .Net.
We traced it to the underscore in the name, but it was Internet Explorer that would not accept the cookies from this server name.

Worse than that, whilst trying to fathom the problem, we had one older version of IE that would, and the newer more secure version that would not which proved to be a real red herring.


Tim H
Friday, January 13, 2006 7:01:59 AM (Pacific Standard Time, UTC-08:00)
Similar problem in a pre .NET ASP environment. In this scenario, we were adding sites to the Trusted Zone. If instead of adding the ServerName to the Trusted Zone, we used the IP Address, everything worked OK.

theCoach
Friday, January 13, 2006 2:52:44 PM (Pacific Standard Time, UTC-08:00)
This bug (really "intentional breaking change") was a documented consequence of a security fix: http://support.microsoft.com/default.aspx?scid=kb;EN-US;q312461

Jeff
Jeff Berkowitz
Comments are closed.

Contact

  • Scott Hanselman

Sponsors

Hosting By

Dedicated Windows Server Hosting by ORCS Web

On this page...

Tags

Africa (67) ASP.NET (595) ASP.NET Dynamic Data (15) ASP.NET MVC (45) BabySmash (17) Back to Basics (9) Bugs (168) CodeRush (21) Coding4Fun (37) Corillian (26) DasBlog (129) DevCenter (1) DevDays (5) Diabetes (60) DLR (1) eFinance (14) Gaming (113) HttpHandler (16) HttpModule (21) Identity (3) IIS (11) INETA (8) Internationalization (42) IOC (1) Javascript (66) Learning .NET (97) LINQ (16) Longhorn (11) Microsoft (68) Mix (9) Movies (44) MSBuild (1) Musings (478) Nant (39) NCover (12) NDC (11) NDoc (6) NotNorthwind (2) NUnit (46) Open Source (3) PDC (63) PHP (2) Podcast (145) PowerShell (59) Programming (230) Python (1) Reviews (125) Ruby (61) Screencasts (20) Silverlight (28) Source Code (46) Speaking (185) Subversion (14) TechEd (122) Thabo (3) Tools (396) VB (6) ViewState (19) Vista (2) Watir (21) Web Services (429) Windows Client (31) WPF (22) XML (289) XmlSerializer (31) Zenzo (38)

Calendar

<November 2008>
SunMonTueWedThuFriSat
2627282930311
2345678
9101112131415
16171819202122
23242526272829
30123456
Posts in timeline
Posts in Large Calendar

Archives

November, 2008 (10)
October, 2008 (22)
September, 2008 (16)
August, 2008 (14)
July, 2008 (25)
June, 2008 (19)
May, 2008 (17)
April, 2008 (17)
March, 2008 (26)
February, 2008 (21)
January, 2008 (28)
December, 2007 (19)
November, 2007 (17)
October, 2007 (31)
September, 2007 (39)
August, 2007 (37)
July, 2007 (43)
June, 2007 (37)
May, 2007 (32)
April, 2007 (38)
March, 2007 (29)
February, 2007 (46)
January, 2007 (31)
December, 2006 (27)
November, 2006 (31)
October, 2006 (32)
September, 2006 (39)
August, 2006 (34)
July, 2006 (40)
June, 2006 (18)
May, 2006 (31)
April, 2006 (34)
March, 2006 (30)
February, 2006 (38)
January, 2006 (44)
December, 2005 (19)
November, 2005 (34)
October, 2005 (24)
September, 2005 (37)
August, 2005 (20)
July, 2005 (24)
June, 2005 (33)
May, 2005 (16)
April, 2005 (22)
March, 2005 (34)
February, 2005 (15)
January, 2005 (37)
December, 2004 (28)
November, 2004 (30)
October, 2004 (34)
September, 2004 (22)
August, 2004 (34)
July, 2004 (18)
June, 2004 (64)
May, 2004 (49)
April, 2004 (21)
March, 2004 (29)
February, 2004 (29)
January, 2004 (36)
December, 2003 (25)
November, 2003 (24)
October, 2003 (59)
September, 2003 (42)
August, 2003 (24)
July, 2003 (44)
June, 2003 (29)
May, 2003 (21)
April, 2003 (30)
March, 2003 (27)
February, 2003 (47)
January, 2003 (50)
December, 2002 (31)
November, 2002 (38)
October, 2002 (44)
September, 2002 (15)
May, 2002 (2)
April, 2002 (4)

Google Ads