Was caused when recycling the enterprise server. Encrypted session get got a
length of 24, which resulted in a loop and finally a 500 error.
When encrypted sessionid does not match, session is logged off and redirected to
default page and encrypted session key restored.
All authentication related cookies tagged as httpOnly
web.config: enableVersionHeader=false
autocomplete disabled
Login url injection redirection fixed
session hijacking implemented
Don't forget to apply SSL to your website with HTTPS and to set requireSSL="false" to true
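
Where the web.config settings named in these notes live, as an added example that is not the project's own configuration. It assumes an ASP.NET application using Forms authentication; the loginUrl value is a placeholder.

```xml
<configuration>
  <system.web>
    <!-- Stops ASP.NET from sending the X-AspNet-Version response header -->
    <httpRuntime enableVersionHeader="false" />

    <!-- httpOnlyCookies="true": cookies are not readable from client-side script.
         requireSSL="true": cookies are only sent over HTTPS (was requireSSL="false"). -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />

    <authentication mode="Forms">
      <!-- Assumption: Forms authentication is in use; loginUrl is a placeholder.
           requireSSL="true" restricts the authentication cookie to HTTPS (was "false"). -->
      <forms loginUrl="~/Login.aspx" requireSSL="true" />
    </authentication>
  </system.web>
</configuration>
```

With requireSSL set to true the site must be served over HTTPS, otherwise the browser never sends the authentication cookie back and logins will not persist.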