ISA Server caching Site Server Pages
- From: "Mark Alford" <malford@xxxxxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Mon, 26 Nov 2001 10:37:59 -0700
Here's the problem I'm having:
We have an ISA Server in our DMZ that is used to publish a secure Site
Server site using Web Publishing rules and SSL bridging. We are using
HTML Forms based authentication and storing the access token in a
client-side cookie.
We have been testing the site security with the following procedure:
1. Log in (cookie is sent to the client)
2. Access a secured page
3. Copy the URL from the address bar
4. Log out (cookie is destroyed - this has been verified)
5. Paste the copied URL back into the browser
The results of step 5 is where we run into problems. The expected result
is that you should be redirected to the login screen, and prompted for
your user id and password before viewing the secured page.
This is the behavior we get when viewing the site on our intranet, or by
the IP address that the ISA server is listening on. When we try to view
the site by the external domain name, step 5 gives us the page we
requested -- without having to log in again.
It appears that ISA is caching our logon credentials only when using the
domain name. I've verified that all caching is disabled. Can anyone shed
some light on this for me?
Thanks
Other related posts:
- » ISA Server caching Site Server Pages
