Hello Group,
I have a situation where one of my intranet web
sites has this error: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'
What happens is that when you open the intranet site,
the user is normally logged in with their AD login.
This AD login is in a group which has permissions to the database.
The user will leave the web page open for say and hour or two. When they
come back to their desk and refresh their browser, they get the error.
is it possible the site logs in correctly but the sleeping process casues
the user to be force over to 'NT AUTHORITY\ANONYMOUS LOGON'? This user is n
ot
a valid user in our database. We do not user this user for any of our
permissions.
RichHere's a guess:
1. Your Intranet site stores the user's login information (i.e.
username) in a session variable
2. Your web server is configured to expire idle sessions after a
specific interval, in IIS the default is 20 minutes. When a session
expires, all variables associated with it are lost.
3. Your user leaves the site open for an hour without doing anything.
The session expires, losing their username from the session variables.
4. When your user refreshes their page, the page isn't checking for a
valid session, it blindly tries to connect to the database using the
username stored in the session variables, in this case nothing.
The proper fix for this is for the Intranet site to check for a valid
session, and throw up a "Session has expired" message, instead of
trying to connect to the database without a username.|||Hello Tracy,
thanks for the ideas. I forwarded them to my web guy but it seems he
already had thought of those ideas!
1. Your Intranet site stores the user's login information (i.e.
username) in a session variable
[me web guy said] I do use the session variable but my program has a
checking that will renew a session when it expires.
2. Your web server is configured to expire idle sessions after a
specific interval, in IIS the default is 20 minutes. When a session
expires, all variables associated with it are lost.
[me web guy said] I believed time is extended to be longer than 1 hour.
Not
sure how long but I think it’s more than an hour.
3. Your user leaves the site open for an hour without doing anything.
The session expires, losing their username from the session variables.
[me web guy said] Like I mentioned in #1, it’s automatically renewed.
4. When your user refreshes their page, the page isn't checking for a
valid session, it blindly tries to connect to the database using the
username stored in the session variables, in this case nothing.
[me web guy said] Same as #1
...nuts...
Rich
"Tracy McKibben" wrote:
> Here's a guess:
> 1. Your Intranet site stores the user's login information (i.e.
> username) in a session variable
> 2. Your web server is configured to expire idle sessions after a
> specific interval, in IIS the default is 20 minutes. When a session
> expires, all variables associated with it are lost.
> 3. Your user leaves the site open for an hour without doing anything.
> The session expires, losing their username from the session variables.
> 4. When your user refreshes their page, the page isn't checking for a
> valid session, it blindly tries to connect to the database using the
> username stored in the session variables, in this case nothing.
> The proper fix for this is for the Intranet site to check for a valid
> session, and throw up a "Session has expired" message, instead of
> trying to connect to the database without a username.
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment