web site login problem

[Guest]

I's running into a strange IE 6 problem at a customer site. After entering
the login information on an https screen and clicking the login button, IE is
redirected to a non-secure page, but this fails and it goes back to the login
screen as though nothing had happened. There are no errors presented on the
re-displayed login screen as would be the case if the login information were
incorrect (per tech support for the website). Firefox 1.5 is able to login
every time, on the same machine, apparently because it properly parses the
redirection and displays the first non-secure page.

Hijackthis shows no third party BHOs, but I tried disabling 3rd party
browser extensions just to make sure. I also cleared all IE temp files,
cookies, objects and cleared the SSL state and passwords/autocomplete. Also
tried lowering the Internet security settings to low.

The machine is running xp pro and had been running sp1, so the first thing I
tried was to upgrade to sp2 and download all updates, to no avail. A repair
reinstall of xp also failed to cure it.

The only verison of java is the MS VM 5.00.3810, and Firefox would also be
using this, if java is involved.

Any ideas on what the problem/fix would be?

 

[Jon Kennedy]

More troubleshooting here:

How to troubleshoot problems accessing secure Web pages with Internet
Explorer 6 Service Pack 2
http://support.microsoft.com/kb/870700/en-us

 

[Guest]

Even though IE has no problems accessing the secure page, I already tried
those steps...

 

[Robert Aldwinckle]

....

I's running into a strange IE 6 problem at a customer site. After entering
the login information on an https screen and clicking the login button, IE is
redirected to a non-secure page, but this fails and it goes back to the login
screen as though nothing had happened. There are no errors presented on the
re-displayed login screen as would be the case if the login information were
incorrect (per tech support for the website). Firefox 1.5 is able to login
every time, on the same machine, apparently because it properly parses the
redirection and displays the first non-secure page.

Hijackthis shows no third party BHOs, but I tried disabling 3rd party
browser extensions just to make sure. I also cleared all IE temp files,
cookies, objects and cleared the SSL state and passwords/autocomplete. Also
tried lowering the Internet security settings to low.

The machine is running xp pro and had been running sp1, so the first thing I
tried was to upgrade to sp2 and download all updates, to no avail. A repair
reinstall of xp also failed to cure it.

The only verison of java is the MS VM 5.00.3810, and Firefox would also be
using this, if java is involved.

Any ideas on what the problem/fix would be?

I think you need more diagnosis first to refine your symptom description.

I would try tracing the transactions e.g. with FiddlerTool or netcap.

Also, in case the problem is related to scripting on that page
I would try using a script debugger. Alternatively I would try
using maximal prompting via the Security options to improve
my understanding of how that page is rendering. Etc.


---

 

[Guest]

:

I think you need more diagnosis first to refine your symptom description.

I would try tracing the transactions e.g. with FiddlerTool or netcap.

I have ethereal on my laptop, but since the page works with Firefox on that
machine, and on IE on other machines, the problem isn't the contents of the
web page, or the transitions - the problem is with IE or its settings, on
this machine.

Also, in case the problem is related to scripting on that page
I would try using a script debugger.

Again, the problem is not with the script(s).

Alternatively I would try
using maximal prompting via the Security options to improve
my understanding of how that page is rendering. Etc.

Already did that, by setting IE back to defaults. After clicking on the
Login button, IE warns that I am going to go to a non-secure page (the login
page is https). I click on Ok and it displays the non-secure URL in the
address bar, same as Firefox. However, instead of displaying the page, it
reverts back to the login page.

Bottom line: the customer is not interested in pursuing it, unless we work
on it gratis, because of how much it has already cost them, without a
resolution My boss isn't going to go along with that. Unless someone can
point me to a specific area of the registry or some other quick
test/attempted fix, it is unlikely that I'll be working on it much.

All other similar IE issues that I've seen that were not fixed by sfc,
resintall of IE (sp1 machines), reinstall of sp2 or other conventional means
have been cleared up by a repair reinstall of XP ( I cuss Microsoft's lame
decision to integrate the browser with the OS everytime I have to do that)
and this is the first time that it hasn't effected a cure.

 

[Robert Aldwinckle]

:



I have ethereal on my laptop, but since the page works with Firefox on that
machine, and on IE on other machines, the problem isn't the contents of the
web page, or the transitions - the problem is with IE or its settings, on
this machine.

You are making the assumption that both browsers are being served
identically. Further you are assuming that the script path that both
browsers follow is the same. This would only happen (for a start)
if both browsers were presenting identical User-Agent strings.
Have you tried making FireFox present the IE User-Agent
or vice versa?

Again, the problem is not with the script(s).

Again, it gives you a point of comparison.

Already did that, by setting IE back to defaults. After clicking on the
Login button, IE warns that I am going to go to a non-secure page (the login
page is https). I click on Ok and it displays the non-secure URL in the
address bar, same as Firefox. However, instead of displaying the page, it
reverts back to the login page.

The key thing to see in the traces I suspect would be the request
being sent at this stage. If both browsers are sending http requests
here they both should be easily capturable and comparable.
But if it is still https you won't tell able to tell using an HTTP tracer.
Supposedly you can use a registry hack to get some clues:

<title>KB307272 - How To Trace ServerXMLHTTP Calls Using
the Winhttptracecfg Tracing Tool in XML</title>


A better alternative I think, provided you have access to the server
involved, would be doing your diagnosis there, assuming there would
be traces and logs available on the server which would explain its actions.
Realize that IE doesn't just manufacture that opening page out of nothing.
Something causes it to be requested and that is what you need to diagnose.

Bottom line: the customer is not interested in pursuing it, unless we work
on it gratis, because of how much it has already cost them, without a
resolution My boss isn't going to go along with that. Unless someone can
point me to a specific area of the registry or some other quick
test/attempted fix, it is unlikely that I'll be working on it much.

Well then, consider it information to jump start diagnosis for a subsequent
similar problem?

All other similar IE issues that I've seen that were not fixed by sfc,
resintall of IE (sp1 machines), reinstall of sp2 or other conventional means
have been cleared up by a repair reinstall of XP ( I cuss Microsoft's lame
decision to integrate the browser with the OS everytime I have to do that)
and this is the first time that it hasn't effected a cure.

Even more of an indication that the difference could be due to the server
or the processing the client is made to do IMO.


Robert
---

 

[Guest]

You are making the assumption that both browsers are being served
identically. Further you are assuming that the script path that both
browsers follow is the same. This would only happen (for a start)
if both browsers were presenting identical User-Agent strings.
Have you tried making FireFox present the IE User-Agent
or vice versa?

No, I am not making the assumption that both browsers are being served
identically. Here is some more info: the same login page works fine on
another xp pro sp2 machine running IE (mine). Both this machine and the
problem machine are running the latest windows updates and have the same
version of MS VM. One difference is that mine has never been infected with
adware.

Also, there are a number of win2k Pro sp4 machines in the same office, and
these all work. This tells me that there is no problem with the web page for
the majority of IE users, most of which are running variants of IE 6 on
variants of xp. The tech support guy for the web site says that he has never
heard of this problem, and you can bet that if there were a problem with the
script vis-a-vis IE, they would know about it.

Again, it gives you a point of comparison.

Of what? It won't tell me how to fix the problem, because the problem is
with the machine, not the web page.

The key thing to see in the traces I suspect would be the request
being sent at this stage. If both browsers are sending http requests
here they both should be easily capturable and comparable.
But if it is still https you won't tell able to tell using an HTTP tracer.
Supposedly you can use a registry hack to get some clues:

<title>KB307272 - How To Trace ServerXMLHTTP Calls Using
the Winhttptracecfg Tracing Tool in XML</title>


A better alternative I think, provided you have access to the server
involved, would be doing your diagnosis there, assuming there would
be traces and logs available on the server which would explain its actions.
Realize that IE doesn't just manufacture that opening page out of nothing.
Something causes it to be requested and that is what you need to diagnose.

See above. I do not have access to the server, and the problem is not on the
server.

Well then, consider it information to jump start diagnosis for a subsequent
similar problem?

If I ever run across this particular problem again, yes, but the typical
problem pertaining to transitions between non-secure and secure pages is that
IE will not display the secure page, not the one I am seeing.

Even more of an indication that the difference could be due to the server
or the processing the client is made to do IMO.

??? See above.