Whenever you use Glow, the first thing you need to do is log on. When you do this, your browser is issued with a 'cookie'. This 'cookie' holds information about your logon, such as your username and logon time. Whenever you try to access a different component in Glow (such as Glow Mail or Glow Learn) the browser uses the information that's been stored in the 'cookie' instead of having to ask you for the same details again, ie username and password. This is how Glow achieves 'single sign on' - the ability to have your logon information follow you to the different components in Glow without having to re-enter it.
This 'cookie' is also used, in much the same way, when accessing Glow Groups - when you attempt to enter the Glow Group, your details stored in the 'cookie' are checked against the Glow Group permissions (specifically your username), and then you're either taken to the Glow Group, or given an 'Access denied'/'Access request' screen.
Since the introduction of Microsoft Internet Explorer 8, we've found that anyone using this browser version to access Glow using multiple accounts (for instance an Accounts & Services Manager that has both an administration account, and also a personal account) is likely to experience "Access denied' error messages when attempting to access Glow Groups, regardless of permissions or otherwise, with intermittent occurrences.
This has been attributed to the significant change in Microsoft Internet Explorer 8 with the way it handles cookies behind the scenes. In previous versions of Microsoft Internet Explorer, the cookie that Glow issues when you log on was stored for that browser window only - this means that once you closed the window, the cookie was no longer valid, wasn't used again. Microsoft Internet Explorer 8 however now shares these cookies across all browser windows and tabs.
In terms of using Glow, this means that if you log on, use Glow, and then close the browser window when finished (without closing all other browser windows) the cookie is not removed from the current session. When then attempting to log back onto Glow, you're issued with a second cookie. The browser then effectively 'round robins' what cookie it uses when accessing your Glow Groups, Glow Mail, Glow Learn etc. If you've been using multiple accounts (as in the example above) your browser will then be authenticating on the first click as user one, and on the second click as user two (hence the intermittent "Access denied" messages).
This can also affect users only logging on with only one Glow account, because although the username value in the two cookies will be identical, the logon time will not, and Glow will detect that on one click the logon time is within the timeout, and on the second will detect that the timeout has passed, again resulting in unpredictable behaviour.