How much of a problem can an underscore cause, I hear you ask?
Well, quite a bit it seems…
I worked with Support the other week on an issue where a customer we doing a simple search in seach.asp, adding the items to a basket, clicking restore and getting :
It didn’t matter what they did.. We couldn’t get it to work.
This customer had a bit of a complex domain environment, with multiple sites, ISA servers with point to point VPN and lots of other things that kept us going down dead-ends for quite some time.
Then we had a breakthrough. The customer tried Firefox, rather than IE. And guess what? Firefox worked everytime.
So this is a configuration issue in Internet Explorer, you would think… But that’s not quite true.
What we were seeing in the Fiddler trace was that we were not keeping hold of a cookie that we should have been given at the beginning of the session. We can even see the cookie being sent to us.. but we the browser doesn’t use it in it’s next contact with the server. The net result is that the restore request can’t succeed because it’s using objects from another page, which are now “out of session”. Hence the error mesage.
So here is the line from Fiddler where the cookie is coming back to us :
HTTP/1.1 200 OK
Via: 1.1 XYZ, 1.1 ISASERVER
Expires: Mon, 19 Oct 2009 16:43:37 GMT
Date: Mon, 02 Nov 2009 14:03:37 GMT
Content-Type: text/html; charset=utf-8
Set-Cookie: dvwsRestoreBasketExchangeServer=MAIL; expires=Tue, 02-Nov-2010 00:00:00 GMT; path=/EnterpriseVault
Set-Cookie: ASPSESSIONIDCACQBCDS=GECBLIEDOAGAMAOCOMIKDHCC; path=/
But then in the next request to the server, the cookie is not sent.
If we look at the host information, we spot our infamous underscore :
GET /EnterpriseVault/search.asp?server=MAIL&mbx=SMTP:email@example.com&version=0 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; InfoPath.2; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MS-RTC LM 8)
Accept-Encoding: gzip, deflate
Authorization: Negotiate TlRMTVNTUAADAAAAGAAYAHwAAAAYABgAlAAAAAoACgBIAAAAGAAYAFIAAAASABIAagAAAAAAAACsAAAABYKIogUBKAoAAAAPUwBBAFIATgBUAGEAcwBpAGwAawBlAGIAYQBrAGsAZQBuAEEAUwAtAEwAQQBQAFQATwBQAP9InDQCuIS3AAAAAAAAAAAAAAAAAAAAAHuzN64lpw23TNVOnh2upuX0xxLOQ/FhEw==
It turns out that Internet Explorer will SILENTLY drop session cookies that come from hosts with an underscore in their name ! Firefox doesn’t do that. An underscore is an invalid character in a machine FQDN.
The customer is experimenting with workarounds, which will hopefully mean he doesn’t have to rebuild his entire domain structure, but, there will be trouble-ahead because Exchange 2010 doesn’t like underscores either.