Microsoft KB Archive/942313

= Web pages do not appear as expected when you publish a Web site by using a publishing rule in Internet Security and Acceleration (ISA) Server 2006 =

Article ID: 942313

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition

-



SYMPTOMS
You publish a Web site by using a publishing rule in Microsoft Internet Security and Acceleration (ISA) Server 2006. When a user visits the Web site, the Web pages do not appear as expected. For example, the page layout may be incorrect, or parts of a Web page may not appear.

You experience this problem if the following conditions are true:
 * You use Forms-based authentication (CookieAuth) in ISA Server 2006 to authenticate the users who visit the Web site.
 * The Web site is running a Web application that uses one or more commas as part of the cookie content.



CAUSE
This problem occurs because of how ISA Server 2006 parses cookie content when ISA Server performs Forms-based authentication.

When you use Forms-based authentication, ISA Server must parse the cookie content to extract the Forms-based authentication cookie. ISA Server requires the Forms-based authentication cookie to authenticate the user. To parse the cookie content, the parsing code in ISA Server looks for a semicolon or a comma to separate individual cookies.

Note According to Request For Comment (RFC) 2965 Section 3.3.4, cookies may be separated by using either a semicolon or a comma. A cookie may have the following format:

cookie = &quot;Cookie:&quot; cookie-version 1*((&quot;;&quot; | &quot;,&quot;) cookie-value)

After ISA Server extracts the Forms-based authentication cookie, it rebuilds the cookie content. During this process, ISA Server separates the individual cookies by using a semicolon character together with a space.

Note ISA Server uses a semicolon to separate individual cookies regardless of how the cookies were separated originally.

Because of how the cookie parsing code works in ISA Server, any comma in the cookie content is replaced by a semicolon. Therefore, if a Web application requires commas in the cookie content, the Web application may not work.

Important A semicolon or a comma may be used as a delimiter in cookie content. Therefore, we recommend that a Web application does not use a semicolon or a comma as part of cookie content.



RESOLUTION
A hotfix is available for computers that are running ISA Server 2006. To resolve this problem, install the hotfix that is described in the following Microsoft Knowledge Base article:

943215 Description of the ISA Server 2006 hotfix package: October 7, 2007

Hotfix installation information
By default, the behavior that this hotfix provides is not enabled. To enable this hotfix, follow these steps:  Start any text editor program, such as Notepad.  Paste the following script into the text editor window. ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

'   This code is Copyright (c) 2007 Microsoft Corporation. ' '   All rights reserved. ' '   THIS CODE AND INFORMATION IS PROVIDED &quot;AS IS&quot; WITHOUT WARRANTY OF '    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO '    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A '    PARTICULAR PURPOSE. ' '   IN NO EVENT SHALL MICROSOFT AND/OR ITS RESPECTIVE SUPPLIERS BE '    LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY '   DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, '   WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS '   ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE '   OF THIS CODE OR INFORMATION. ' ' -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Const SE_VPS_GUID = &quot;{143F5698-103B-12D4-FF34-1F34767DEabc}&quot; Const SE_VPS_NAME = &quot;KeepCookieSeparator&quot; Const SE_VPS_VALUE = true

Sub SetValue

' Create the root obect. Dim root ' The FPCLib.FPC root object Set root = CreateObject(&quot;FPC.Root&quot;)

' Declare the other objects that are needed. Dim array      ' An FPCArray object Dim VendorSets ' An FPCVendorParametersSets collection Dim VendorSet  ' An FPCVendorParametersSet object

' Obtain references to the array object ' and to the network rules collection. Set array = root.GetContainingArray Set VendorSets = array.VendorParametersSets

On Error Resume Next Set VendorSet = VendorSets.Item( SE_VPS_GUID )

If Err.Number <> 0 Then Err.Clear

' Add the item Set VendorSet = VendorSets.Add( SE_VPS_GUID ) CheckError WScript.Echo &quot;New VendorSet added... &quot; & VendorSet.Name

Else WScript.Echo &quot;Existing VendorSet found... value- &quot; & VendorSet.Value(SE_VPS_NAME) End If

if VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then

Err.Clear VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE

If Err.Number <> 0 Then CheckError Else VendorSets.Save false, true CheckError

If Err.Number = 0 Then WScript.Echo &quot;Done with &quot; & SE_VPS_NAME & &quot;, saved!&quot; End If       End If    Else WScript.Echo &quot;Done with &quot; & SE_VPS_NAME & &quot;, no change!&quot; End If

End Sub

Sub CheckError

If Err.Number <> 0 Then WScript.Echo &quot;An error occurred: 0x&quot; & Hex(Err.Number) & &quot; &quot; & Err.Description Err.Clear End If

End Sub

SetValue  Save the file as a Microsoft Visual Basic script file by using the .vbs file name extension. For example, save the file as &quot;Keepcookieseparator.vbs.&quot; Click Start, click Run, type cmd, and then click OK. Use the cd command to change to the directory to which you saved the .vbs file in step 3. Type the following command, and then press ENTER:

cscript Keepcookieseparator.vbs

Note If you gave the file a name other than &quot;Keepcookieseparator.vbs,&quot; modify this command as appropriate.</ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Keywords: kbfix kbbug kbtshoot kbprb KB942313

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.