IE10 injects token into .NET MVC links

Question

I have a working .NET MVC application, but when accessing with IE10 on Windows 8 the browser source code shows that all dynamically generated URLs, eg. with Url.Action

Answer 1

There is a bug in the browser definition files that shipped with .NET 2.0 and .NET 4, namely that they contain definitions for a certain range of browser versions. But the versions for some browsers (like IE 10) aren't within those ranges any more. Therefore, ASP.NET sees them as unknown browsers and defaults to a down-level definition, which has certain inconveniences, like that it does not support features like JavaScript and/or cookies.

Microsoft released hotfixes that correct the issue.

• .NET 4 - http://support.microsoft.com/kb/2600088
• .NET 2.0
  • http://support.microsoft.com/kb/2600100 for Win7 SP1/Windows Server 2008 R2 SP1, Windows Vista/Server 2008, Windows XP/Server 2003
  • http://support.microsoft.com/kb/2608565 for Win7/Windows Server 2008 R2 RTM

(Source)

Answer 2

That code is part of ASP.NET's cookieless session feature. You can disable it in the web.config <configuration><system.web> section with:

<sessionState cookieless="false" />

Or with:

<forms cookieless="UseCookies" />

I don't know why IE10 is doing that. You could probably add a browser file in app_browsers with updated IE10 info to tell it it supports cookies. Or perhaps you have cookies disabled?

Answer 3

Add your web.config file to cookieless="UseCookies" like this;

<authentication mode="Forms">
  <forms loginUrl="~/YourLoginUrl" timeout="2880" **cookieless="UseCookies"** />
</authentication>

This solve quoted from this link; https://stackoverflow.com/a/15510453/2057154