Just today I downloaded IE8 Beta 2 to test dnn system. My production is still on 4.8.04. (Not 4.9.0). There is a big problem authentication problem that came forward. Issue is that if you open a dnn website in ie8 single tab, then login to the website. Now logout of the website on the same tab, now close the tab and open a new tab. In the new tab type the home URL of the same dnn website to which you logged in earlier in the previous tab, and you will notice that even though you had logged out from the website on the previous tab which you closed after logging out, on the new tab dnn will log you in automatically - which is wrong.

Even IE7 has multiple tab system but if you repeat the same step in IE7, on the second tab of the same browser instance dnn will not log you in automatically. DNN acts intelligent enough to know that it had logged the user out on the IE7 previous tab so on the new tab, it will again ask for the username/password.

Initially I thought this might be a problem with my production site or my machine, so I tried this in my office R&D lab over 8 machines, with various live dnn websites including dotnetnuke.com and I observed the same behavior.

I don't know if it’s a core dnn issue, or a configuration issue or IE8 issue - irrespective of whatever it is - thought this is a serious and needs to gain visibility and we all need to work together to address this asap, especially before IE8 production version goes live.

Appreciate if anyone can try and give us some pointers of what needs to be done to invalidate the user in the second tab of the same browser instance if the user was logged out on the first tab of the same browser instance - in short - a fix for the issue - even a temporary fix will do - as this is pretty serious. Any help is sincerely appreciated.

Sincerely,

Cathal you are right and I completely concur with you that we should work with production version of IE8.

I have already raised this issue with microsoft before I raised it here.

Let's see what they have to say, I will keep this thread updated on whatever information i receive from microsoft.

But in case if IE8 goes to production with this then we will have to look into it.

Sincerely,

Although I haven't examined this issue in any detail, it seems almost certainly related to a bug in the way IE8 is handling cookies and/or cookie expiration between a closed tab and a new request.  This would be in line with the general gossip I've heard about the state of the beta.  Being beta, these are exactly the sorts of issues I'd expect.

My guess is that if you examined the requests via a web proxy (such as Fiddler), you will see a cookie that should have been invalidated in the closed tab mysteriously re-submitted in a new tab request.  You can do so for extra credit, but it's not worth spending much time on until the product is closer to release.  This bug is virtually certain to be caught and corrected.

Brandon