There is a bug in IE dealing with re-directs and SSL. I forget how it works
but it went something like this:
Login page invalidates session.
User enters user ID and password.
Login page re-directs to target page
IE Generates spurious additional request to login page which again
invalidates the
I only invalidate sessions when a logout request is
submitted; the login portion of the system doesn't
invalidate sessions. If a user double-submits a login
post request or login form request, that should be ok,
even if they do so out of order. BTW this is I.E.
5.5.4807.2300.
--- Sexton, George
session in Internet Explorer 5x
I only invalidate sessions when a logout request is
submitted; the login portion of the system doesn't
invalidate sessions. If a user double-submits a login
post request or login form request, that should be ok,
even if they do so out of order. BTW this is I.E