Microsoft KB Archive/827033

= Changes in the behavior of the AuthManager object in Commerce Server 2002 SP2 =

Article ID: 827033

Article Last Modified on 11/18/2004

-

APPLIES TO


 * Microsoft Commerce Server 2002 Service Pack 2

-



SUMMARY
The behavior of the AuthManager object changed in Microsoft Commerce Server 2002 Service Pack 2 (SP2). In earlier versions of Commerce Server 2002, the AuthManager object would set a cookie to be expired or would delete an existing cookie when the AuthManager.IsAuthenticated method returns a false value.



MORE INFORMATION
This behavior is a problem when you use URL-based tickets instead of cookies. The client will receive a cookie warning although the site code never intended to set a cookie. In Commerce Server 2002 SP2, changes were made to the AuthManager object to keep the state of whether the client supports persistent and session cookies.

This change also affects the AuthManager.SetUserID method. In the Commerce Server 2002 documentation, the AuthManager.SetUserID method will set a new ticket. The ticket will either be a ProfileTicket string or an AuthTicket string depending on the parameter that is passed. This ticket causes a cookie to be sent to the client even if the client did not have an existing cookie. Commerce Server 2002 SP2 changes the SetUserID method so that a new ticket will be created in memory but it will not be applied unless either the SetProfileTicket method, the SetAuthTicket method, or the GetUrl method is called. The Commerce Server 2002 OrderSitelet code calls the SetUserID method and expects to see a ProfileTicket cookie. The SetUserID method will not find the ProfileTicket cookie if the browser does not have that cookie. To use the AuthManager object correctly, call the SetProfileTicket method after you call the SetUserID method. The OrderSitelet code does not call these methods in this sequence.

