This update was installed on one of our webservers last night and is causing login issues on the Umbraco back-end.
It seems that Firefox logs in ok but Chrome and Internet Explorer appear to log-in and out immediately. The trace from Fiddler shows the following URL sequence (with correct username and pw)
That wouldn't explain the difference in behaviour between Firefox and Chrome. I wonder if there may be an issue with the way the cookies or redirects are processed between the browsers.
It seems that Firefox receives the Set-Cookie: ASP.NET_SessionId=................... in the response from the login.aspx Chrome and IE only get the UMB_UCONTEXT=....... cookie.
Not sure what this has to do with the MS11-100 update :-/
I just happened to run across this article, and then your question when researching installing this patch. Not sure if it applies to your issue but I'd thought I'd pass it along ...
I've solved the issue. Not quite sure how it happenned but the Server DateTime was wrong and UserContext cookie was expiring immediately. Strangely only started occuring since the MS11-100 got installed. Maybe the forms auth cookie format changed slightly.
MS Security Update MS11-100 (2638420)
This update was installed on one of our webservers last night and is causing login issues on the Umbraco back-end.
It seems that Firefox logs in ok but Chrome and Internet Explorer appear to log-in and out immediately. The trace from Fiddler shows the following URL sequence (with correct username and pw)
302 /umbraco/login.aspx.........
302 /umbraco/
200 /umbraco/logout.aspx.......
200 /umbraco/login.aspx...........
Anyone else experiencing this?
Maybe it changed the permissions on the umbraco folder?
That wouldn't explain the difference in behaviour between Firefox and Chrome. I wonder if there may be an issue with the way the cookies or redirects are processed between the browsers.
It seems that Firefox receives the Set-Cookie: ASP.NET_SessionId=................... in the response from the login.aspx
Chrome and IE only get the UMB_UCONTEXT=....... cookie.
Not sure what this has to do with the MS11-100 update :-/
I just happened to run across this article, and then your question when researching installing this patch. Not sure if it applies to your issue but I'd thought I'd pass it along ...
http://support.microsoft.com/kb/2659968
Jocelyn
Thanks Jocelyn. I don't think we have a problem with authentication more the handling of the cookies between FF, Chrome and IE.
Can't think of any other reason why Firefox would work but Chrome and IE not.
I've solved the issue. Not quite sure how it happenned but the Server DateTime was wrong and UserContext cookie was expiring immediately. Strangely only started occuring since the MS11-100 got installed. Maybe the forms auth cookie format changed slightly.
Oh well, something went right on Friday 13th :-)
is working on a reply...