BUG: Session ID Lost When New Window Opened

When you browse through a Web site and you open and close a new window, your session ID in the orginal Internet Explorer window may be lost.

Note This problem does not occur on Internet Explorer 5.5 without SP1 installed.

Internet Explorer triggers this behavior when you start your browser session from a file protocol URL. For example, this problem may occur if your home page is set to an HTML page on your hard disk (such as C:\Myhome.htm) or if you double-click an HTML page that is located on your local network drive to start a browser session.

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

Security update information

To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current updates, visit the following Microsoft Web site: For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site: Note This update was first included in security update 963027 (MS09-014). For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Set your home page to an HTTP protocol URL, or be sure that you do not start your browser session with a file protocol URL.

This problem may occur if all of the following conditions are met:

• You are running Internet Explorer 5.5 SP1.
• The computer has recently been restarted.
• The browser session began with a file protocol URL (for example, the home page of your Internet Explorer is set to C:\Default.htm).
• You broswe to the HTTP or HTTPS protocol URL by using a hyperlink (as opposed to typing the URL in the address bar).
• A new window has been opened and closed.

Steps to Reproduce the Behavior

1. Create a simple HTML page that resembles the following and name it Test.htm. Save this Web page on the local C drive on the client computer (for example, in C:\Test.htm):

   <html>
   <body>
   <a href="http://myserver/test.asp">test</a>
   </body>
   </html>

2. Create another Web page on the IIS server (Myserver) that resembles the following and save it as Test.asp:

   <% language="vbscript" %>
   <html>
   <body>
   session id = <% Response.Write Session.SessionID %><br>
   <a href="test.asp" target="newwindow">Click here</a>
   </body>
   </html>

3. Make sure that the link in Test.htm jumps to the ASP file that you just saved to your IIS server.
4. Restart the client computer that is running Internet Explorer 5.5 SP1.
5. Double-click Test.htm.
6. Click the test link and note the session ID.
7. Click the Click here link. A new window opens.
8. Note that the session ID in the new window is the same as the session ID for the previous window.
9. Close the new window to view the original window.
10. Refresh the original window. The session ID is now lost, and a new session ID is provided by the server.

For more information about developing Web-based solutions for Microsoft Internet Explorer, visit the following Microsoft Web sites: