Web site login problems (IE6)

[Griff]

We have a web application that users can use by first authenticating
themselves via a secure connection (HTTPS/SSL).

If one goes directly to that secure page then one can log in successfully
using most browsers (tested with IE6, FireFox & Netscape). These are all
running on a machine running XP SP2.

A company using this web application displays the secure logon page
"embedded" within their corporate site (using Frames). This causes a
problem.... The logon procedure still works as expected using FireFox or
Netscape, but does not work using IE6. This has been tested on two
machines, one running XP sp1 and the other XP sp2.

The symptom is that after completing the form with the logon credentials,
the user clicks on the "logon" button and the page appears to refresh itself
with the form input boxes all blanked.

I suspect that this is a browser setting that is causing this behaviour, but
which one I don't know. Someone suggested that setting the security level
to LOW should fix this, but we of course can't go around suggesting that
users downgrade their security.

Does anyone know what the specific issue could be and what acceptable advice
I could pass on to the end user?

Many thanks in advance

Griff

 

[McKirahan]

We have a web application that users can use by first authenticating
themselves via a secure connection (HTTPS/SSL).

If one goes directly to that secure page then one can log in successfully
using most browsers (tested with IE6, FireFox & Netscape). These are all
running on a machine running XP SP2.

A company using this web application displays the secure logon page
"embedded" within their corporate site (using Frames). This causes a
problem.... The logon procedure still works as expected using FireFox or
Netscape, but does not work using IE6. This has been tested on two
machines, one running XP sp1 and the other XP sp2.

The symptom is that after completing the form with the logon credentials,
the user clicks on the "logon" button and the page appears to refresh itself
with the form input boxes all blanked.

I suspect that this is a browser setting that is causing this behaviour, but
which one I don't know. Someone suggested that setting the security level
to LOW should fix this, but we of course can't go around suggesting that
users downgrade their security.

Does anyone know what the specific issue could be and what acceptable advice
I could pass on to the end user?

Many thanks in advance

Griff

Could you try ensuring that your page doesn't run in a frame:

<script type="text/javascript">
if (self != top) top.location = "http://{domain}/{page}";
</script>

Of course, JavaScript has to be enabled.

 

[Griff]

Could you try ensuring that your page doesn't run in a frame:

<script type="text/javascript">
if (self != top) top.location = "http://{domain}/{page}";
</script>

Of course, JavaScript has to be enabled.

Sorely tempted to [but that the howls of derision from those "requiring" to
embed it in a frame would be too much to bear].

 

[McKirahan]

Could you try ensuring that your page doesn't run in a frame:

<script type="text/javascript">
if (self != top) top.location = "http://{domain}/{page}";
</script>

Of course, JavaScript has to be enabled.

Sorely tempted to [but that the howls of derision from those "requiring" to
embed it in a frame would be too much to bear].

a) Try it; maybe they won't notice.

b) Perhaps they would reconsider their use of frames:

Why Frames Suck (Most of the Time)
http://www.useit.com/alertbox/9612.html

Web Commandments: Ten Deadly Sins and How to Overcome Them
http://www.smartisans.com/articles/web_commandments.aspx

c) Also, it's your site so they shouldn't make it look like it's part of
their's. It smacks of content grabbing, a practice that has been widely
admonished.

d) Of course, a "company using this web application" is a client which
likely overrides the above.


P.S. OEx is telling me that "microsoft.public.internetexplorer.security"
could not be resolved.

 

[Igor Tandetnik]

P.S. OEx is telling me that
"microsoft.public.internetexplorer.security" could not be resolved.

It's a new group, added a couple weeks ago. Go to Tools | Newsgroups -
this would cause OE to sync the group list with the server. If you still
don't see the group, go to Tools | Newsgroups and click Reset List.

While you are at it, go to Tools | Options | General and consider
checking "Notify me if there are any new newsgroups" option.
--
With best wishes,
Igor Tandetnik

With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead. -- RFC 1925

 

[Frank Saunders, MS-MVP IE/OE]

P.S. OEx is telling me that
"microsoft.public.internetexplorer.security" could not be resolved.

In OE go to Tools | Accounts | Add (or New) | News.
Set up an account for this news server:

msnews.microsoft.com

The server is free and does not require you to logon. This news server
carries over 2200 newsgroups related to Microsoft products and keeps
messages at least 30 days.

To set up OE for news reading see
http://www.michaelstevenstech.com/outlookexpressnewreader.htm

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup only. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com./athome/security/protect/default.aspx
http://defendingyourmachine.blogspot.com/