After the recent release of Internet Explorer 11, you may have noticed that you cannot log-in to your ASP.Net website with this browser if you are using forms authentication with cookies.

You may also have noticed that the session id is being stored in the url (some additional characters are being added to the site’s url seemingly out of nowhere), instead of a cookie when browsing the site only with IE11.

This happens because the cookieless parameter is not specified explicitly (such as UseDeviceProfile or AutoDetect), so it is browser dependant. To solve this issue, this parameter has to be forced in order that all browsers will use cookies to store the session id. Here is an example of the required change:

<authentication mode="Forms">
<forms cookieless="UseCookies" loginUrl="Account/Login" timeout="2880" />
</authentication>

0 comments

Add your comments