This is a bizarre issue that I can't resolve.
We have a web product on a dedicated server that uses ASP pages (and global.asa)
Some of the sites on this server use anonymous access and some use just challange/response, but this makes no difference to this issue
The application operates in one main browser window, but also opens some new browser windows to perform some functions and show information pages
If you use favourites or type in the URL to the browser to gain access to the site , it works fine and lots of windows can be open/closed as necessary as the application is used, and the ASP session remains intact
BUT.... if the site is called via a redirect from another web site (internal or external), the ASP session is created and remains intact for the main window, but after a second new browser window is opened the ASP session is killed. After the first new window is opened, everything is fine and the main browser window operates as normal with multiple page requests causing no problem - it's only when the second new window is opened that the ASP session is immediately killed.
This problem is perfectly consistent and recreatable. It is very obvious when anonymous login is not enabled, because the challenge response re-requests a username and password to access the server.