Sometimes I get 400 Bad Request error for different websites written on ASP.NET.
The only solution I know is to clean up cookies for that site. Seems like that the cause of problem is _utmz and _utma cookies, which belong to Google Analytics. The problem is occurs in common cases in Mozilla FireFox, sometimes on Ghrome and Safari and never in IE. This error occurs accidentally.
What I found:
From Stefan on the ASP.Net team: http://forums.asp.net/p/1431148/3221542.aspx
In current versions of ASP.NET Urls containing characters like the colon character will be rejected as a potential security threat. The historical reason for this is that the underlying NTFS file system supports alternate resource streams that can be accessed with names like "yourfile.txt:hiddendata.txt". Blocking the colon character from Urls prevents poorly written applications from accidentally working with alternate resource streams.
There is also a limitation in current versions of ASP.NET that incoming Urls need to map to the NTFS file system for purposes of determining managed configuration data.
In ASP.NET 4 these limitations can be optionally removed. However these changes are in the Beta 2 version of ASP.NET 4 - they are not in Beta 1. We tried out the Url listed earlier in this forum post and confirmed that with our internal builds of ASP.NET 4 you can use that style of Url and process it without any 400 error.
Is is a problem with ASP.NET runtime, cookie managment process of FireFox or Google Analytics code? What problem solutions do you know?