Form submission error with MSIE 6.0 (post data)
With MSIE 6, form is posted with empty data (sporadical)
Possible causes and solutions
* Reference brought to you by
Bugzero, it's more than just bug tracking software!
- You cannot post any data to mixed NTLM and non-NTLM authenticated Web sites.
Microsoft Internet Explorer requires NTLM authentication for all visits to a
website after you visit one NTLM authenticated folder of the website.
MSIE 5 or later has a feature called NTLM pre-authorization which lets the
browser cache credentials if an NTLM challenge is received. Subsequent requests
use the cached credentials.
- If you post a form via an ASP page, to IIS 4.0, and a sub folder on the site does
not use NTLM (but the parent does), the browser does not send the POST data to
the server. To solve this problem, use Regedt32 to navigate to:
On the Edit menu, Add Value name DisableNTLMPreAuth as a type REG_DWORD and set the data value to 1 (true).
- This is actually in IE, and not a problem on the server side. Once NTLM
authentication has been negotiated, the client browser will renegotiate
authentication before sending the POST data. Basically, there is a
handshake during initial authentication. When you do a form POST at any
point after that, the client reinitiates the handshake (with the empty
POST). The server responds with a challenge, and the client then
resubmits the POST with the form data (and the response to the challenge
in the authorization header).
It seems, any NTLM authentication to a server will result in this behavior
for subsequent POSTs to the same server (even unprotected resources). For
example, if I go to NTLM-protected resource
"/myntlm/test.html", then (later on) POST to the unprotected resource
"/unprotected/foo.asp" this will be exhibited.
The only way I have seen to get IE to "forget" it has previously
NTLM-authenticated to a site is to send a 401 page status. This
effectively resets the IE authentication state.
- Use KeepAlive off
on the server (Apache).