IIS and new Service Provider v2.5
cantor.2 at osu.edu
Tue Nov 6 14:09:50 EST 2012
On 11/6/12 2:00 PM, "Martin B. Smith" <smithmb at ufl.edu> wrote:
>I'm being told some folks have cast some suspicion on the following
>cookie as the place the SP software is detecting the "st:" --
Yeah, that's it.
>Is it possible there's a bug in parsing that cookie and somehow the SP
>thinks there's a header named "st:" being injected from ALL_HTTP?
Yes, I don't know why it was coded that way, but I probably was paying
more attention to the "safeHeaderNames" path than the other one.
More information about the users