Sid_F
asked on
Sharepoint issue with persistent cookies for remote users
I am running Sharepoint 2010 and have it published via ISA. By default ISA uses session cookies but this has obvious problems for Sharepoint like every time the user opens an office document they get prompted for a username and password.
I understand I can enable persistent cookies for ISA but that opens a can of worms in terms of security. Is there ae way to do this or how are other companies handling this?
I understand I can enable persistent cookies for ISA but that opens a can of worms in terms of security. Is there ae way to do this or how are other companies handling this?
ASKER
Unfortunately that doesn't work as the cookie being provided by ISA is a session cookie. Adding the site to trusted sites doesn't change the cookie type to persistent. This would need to be done on the ISA side. Office cannot access a session cookie and hence the prompt for credentials.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yes I have seen the two links but this is relying on the end user to make the right decision. I'm interested to hear from people who have implemented this in a more secure manor to avoid the persistent cookie from remaining on the server.
I don't think you can do it otherwise. The end user will only make the wrong decision a couple of times. They will learn.
Jeff
Jeff
ASKER
I'm thinking there must be an appliance that can do this : )
So, let me get this straight... you have ISA Server in place which is causing the problem, and you want to add an additional device to reverse what ISA is doing? Might as well just bypass ISA altogether.
But the fact is that even if you change to use Persistent Cookies, users will still need to add the site to their TRUSTED sites in IE in order for IE to share that cookie with the document request.
See http://support.microsoft.com/kb/2019105 for much more in-depth information.
Jeff
But the fact is that even if you change to use Persistent Cookies, users will still need to add the site to their TRUSTED sites in IE in order for IE to share that cookie with the document request.
See http://support.microsoft.com/kb/2019105 for much more in-depth information.
Jeff
ASKER
Yes the additional box will bypass ISA in fact we already have a box doing this but as yet I am unsure if this will do the trick. Adding to trusted sites shouldn't be a problem for users. Thanks.
ASKER
Thanks Jeff.
See http://support.microsoft.com/kb/932118 for more info.
Jeff
TechSoEasy