When using Glow on Microsoft Internet Explorer 8, you may experience "Access denied" error messages, despite having access to the relevant Glow Group or Learning Space.

Whenever you use Glow, the first thing you need to do is log on. When you do this, your browser is issued with a 'cookie'. This 'cookie' holds information about your logon, such as your username and logon time. Whenever you try to access a different component in Glow (such as Glow Mail or Glow Learn) the browser uses the information that's been stored in the 'cookie' instead of having to ask you for the same details again, ie username and password. This is how Glow achieves 'single sign on' - the ability to have your logon information follow you to the different components in Glow without having to re-enter it.

This 'cookie' is also used, in much the same way, when accessing Glow Groups - when you attempt to enter the Glow Group, your details stored in the 'cookie' are checked against the Glow Group permissions (specifically your username), and then you're either taken to the Glow Group, or given an 'Access denied'/'Access request' screen.

Since the introduction of Microsoft Internet Explorer 8, we've found that anyone using this browser version to access Glow using multiple accounts (for instance an Accounts & Services Manager that has both an administration account, and also a personal account) is likely to experience "Access denied' error messages when attempting to access Glow Groups, regardless of permissions or otherwise, with intermittent occurrences.

This has been attributed to the significant change in Microsoft Internet Explorer 8 with the way it handles cookies behind the scenes. In previous versions of Microsoft Internet Explorer, the cookie that Glow issues when you log on was stored for that browser window only - this means that once you closed the window, the cookie was no longer valid, wasn't used again. Microsoft Internet Explorer 8 however now shares these cookies across all browser windows and tabs.

In terms of using Glow, this means that if you log on, use Glow, and then close the browser window when finished (without closing all other browser windows) the cookie is not removed from the current session. When then attempting to log back onto Glow, you're issued with a second cookie. The browser then effectively 'round robins' what cookie it uses when accessing your Glow Groups, Glow Mail, Glow Learn etc. If you've been using multiple accounts (as in the example above) your browser will then be authenticating on the first click as user one, and on the second click as user two (hence the intermittent "Access denied" messages).

This can also affect users only logging on with only one Glow account, because although the username value in the two cookies will be identical, the logon time will not, and Glow will detect that on one click the logon time is within the timeout, and on the second will detect that the timeout has passed, again resulting in unpredictable behaviour.

To ensure you don't receive "Access denied" messages, you must ensure that when you are finished using Glow, you click the 'Log off' button at the top right of every page. This forces the cookie to expire, so that it can no longer be used in that session. Once you've done that, please close the browser window.

In some rare instances (such as forgetting to use 'Log off', or using multiple accounts regularly), you may find that even if you close all browser windows, you still receive "Access denied" error messages when logging back into Glow. If this happens, you can force Microsoft Internet Explorer 8 to start a new session, ensuring no previously issued cookies are used.

To do this, please follow the steps below:

1. Open Microsoft Internet Explorer 8
2. Choose 'New Session' from the 'File' menu
3. Log on to Glow as normal

As a Site Collection Administrator, or Glow Group administrator, you may wish to consider putting Microsoft Internet Explorer 8 into 'compatibility mode' to ensure that all aspects of Glow display correctly. This particularly affects the 'Add Web Parts' and 'Modify Shared Web Parts' menus, and is recommended if you're having difficulty in these menus.

'Compatibility mode' is a site specific setting, meaning that setting it 'On' for Glow will not affect other sites you visit, and that the browser will return to 'compatibility mode' every time you visit Glow. To achieve this, please follow the steps below:

1. Log on to Glow
2. Click the 'compatibility mode' icon on the right-hand side of the address bar, as indicated below
3. Allow the browser window to refresh