Recently we’ve received a support request about an issue concerning the DirectSmile Card and Gift Shop. Customers who use IE11 will continously be prompted to log in again when trying to order.
After some investigation (it was more like searching the needle in the haystack) we’ve been able to pin this issue down to a more general problem with Microsofts ASP.NET framework: When Microsoft introduced the new Internet Explorer 11 (and this happened also to the version 10) they have changed the user agent string delivered by the browser to the server. This string will be parsed by the ASP.NET framework to identify the browser and it’s capabilities (eg cookie support). This is also a problem for the document web-preview in DirectSmile Integration Server as the AJAX-calls will fail when using IE11.
Unfortunately the regular expression Microsoft uses for the parsing was not prepared for version 10 and 11 – with version 10 it simply failed that there are now two digits (9 –> 10) written. And with version 11 the whole string has been changed so the complete regular expressions needs to be changed.
So when a shop customer logs in the browser is recognized to not support cookies – therefor the IIS will switch to cookieless session states which result in a URL with an extra session ID. As the membership provider who is in responsibility for managing the logins does not support cookieless sessions, the customer will continously be prompted to log in.
Fortunately there is already a hotfix which will hopefully become part of the regular server updates soon: http://support.microsoft.com/kb/2836939/en-us – you won’t need to update all settings by hand.
So after installing this patch your software should work again for Internet Explorer 11
For more technical details I recommend these nice article from Scott Hanselman: