The behavior of the
AuthManager object changed in Microsoft Commerce Server 2002 Service Pack 2
(SP2). In earlier versions of Commerce Server 2002, the
AuthManager object would set a cookie to be expired or would delete an
existing cookie when the
AuthManager.IsAuthenticated method returns a false value.
This behavior is a problem when you use URL-based tickets
instead of cookies. The client will receive a cookie warning although the site
code never intended to set a cookie. In Commerce Server 2002 SP2, changes were
made to the
AuthManager object to keep the state of whether the client supports
persistent and session cookies.
This change also affects the
AuthManager.SetUserID method. In the Commerce Server 2002 documentation, the
AuthManager.SetUserID method will set a new ticket. The
ticket will either be a
ProfileTicket string or an
AuthTicket string depending on the parameter that is passed. This ticket
causes a cookie to be sent to the client even if the client did not have an
existing cookie. Commerce Server 2002 SP2 changes the
SetUserID method so that a new ticket will be created in memory but it will
not be applied unless either the
SetProfileTicket method, the
SetAuthTicket method, or the
GetUrl method is called. The Commerce Server 2002 OrderSitelet code
calls the
SetUserID method and expects to see a
ProfileTicket cookie. The
SetUserID method will not find the
ProfileTicket cookie if the browser does not have that cookie. To use the
AuthManager object correctly, call the
SetProfileTicket method after you call the
SetUserID method. The OrderSitelet code does not call these methods in this
sequence.
For additional information about
this change in behavior , click the following article number to view the
article in the Microsoft Knowledge Base:
813125Â
(http://kbalertz.com/Feedback.aspx?kbNumber=813125/
)
FIX: IsAuthenticated tries to delete a cookie while in URL mode